Security features aren't "equivalent" depending on which 1P application one uses?
I am sure for good reasons, 1P and users of 1P are most always pleased to see a new release; in this case the Windows application 7.4.753. I understand that some of the improvements are "under the hood", security driven. As one who never uses the Windows application but rather 1P X 1.18, am I "losing" something in terms of security?
1Password Version: Not Provided
Extension Version: 1.18 X
OS Version: Windows 10
Sync Type: Not Provided
Comments
-
@jmjm - I'm not really sure what you're asking: are you losing something by using 1Password X instead of 1Password 7 for Windows as a result of this update to 1Password for Windows? No.
That said, the two are different products designed for different setups. 1Password X is a fantastic all-in-one solution that allows those with a 1Password account to use a completely in-browser setup. It means, anywhere you can install Chrome (or Chrome derivatives) or Firefox, you can now use 1Password -- Linux, Solaris, ChromeOS, you name it. 1Password for Windows is a dedicated, purpose-built client for Windows that builds literally and figuratively on a history of its predecessors. As a native application, you can do things with 1Password 7 for Windows that you can't with 1Password X -- such as use a mix of standalone vaults and 1Password accounts, or edit items directly on your own device when you don't have an internet connection, etc. Still, it's mostly a matter of choice in an environment where we DO have a native application (Windows, Mac). If you're wondering about something specific, feel free to ask.
0 -
My fault @Lars I am sure as I am treading in uncharted waters.
I have seen references here and there re some improved security elements in the most recent 1P Windows update...um...isolated process model, RUST...etc?
I was just wondering if there are any security disadvantages if one uses says 1P X rather than the newest 1P Windows Application (with the appropriate extension for the Windows app)?
Given that there are several different 1P "Apps" each able to do certain tasks differently i.e. there is not feature parity as far as I can tell; I was thinking such "inequalities" might extend to the security aspect of each also.
If and when you have time @Lars can you tell me where my thinking has gone awry?
0 -
You ask a hard question, @jmjm.
One thing to keep in mind is that security is something that always advances, and we aim to build in features or defenses before they are needed. So just because something gets done in one place, doesn’t mean that the others are unsafe.
In other cases, there are different kinds of threats that aren’t applicable in all cases. For example, with something like 1Password for Windows we have to work on securing the communication between the program and your web-browser, while with 1Password X we don’t have that issue. But there are things that work the other way around. The browser is a more hostile environment than the desktop, so there are security design elements that are only applicable to X.
So at this level we really can’t compare in the way that you ask. And so, continue to use 1Password X if that works well for you. There isn’t a way to say whether one client is more secure than another. We can say such things with respect to some very specific threats. But that is largely because of what is applicable in each situation.
1Password, across all clients, shares the same fundamental security design.
0 -
I guess it makes it a constant challenge to address security when there are these different applications of 1P. Thanks for keeping me safe behind the scenes. @jpgoldberg, thanks for taking the time to comment.
0 -
On behalf of Jeff, Lars, and the rest of the security team, you're very welcome. :)
Ben
0