Does giving other apps Accessibility permissions put my 1Password data at risk?
Hi! I'm a long-time Mac user, relatively new 1Password user. On my Mac I use a handful of productivity/workflow apps like Mosaic, Timing, and Alfred that request various Accessibility permissions to do their thing. They usually need input monitoring, screen recording, automation, or the general accessibility "allow the apps below to control your computer" permissions.
After another such permission request this morning, I began wondering how that interacts with 1Password. If I give some app the input monitoring permission, can it read my master password while I'm entering it? Could these apps extract secrets from my vault or take screenshots of the contents, if they went rogue or had a vulnerability?
Older threads here in the forum said that 1Password uses the "secure input" OS feature to protect data. The current version of the security model article doesn't mention that any more, though: https://support.1password.com/1password-security/. Has this changed with version 8? And how do the new(er) macOS accessibility permissions impact this?
Productivity and security often seem to be at odds with each other, so I want to make sure I'm not undoing my own protection by using some tool just to save a few seconds.
1Password Version: 8.7.0
Extension Version: Not Provided
OS Version: macOS 12.3