Security throughts

gunnaringvi
gunnaringvi
Community Member

Hi there

I am currently using 1Pass 4 which uses local repository. I need to upgrade since 1Pass 4 is old and sluggish. I've few questions about 1Pass 8 before I upgrade:

1) All data is stored on 1 Password servers in the cloud but it is encrypted with secret key. Meaning that no one can decrypt it, not even the 1Pass team. However when I click on Sign in on the website, there is an option to submit the secret key and I am assuming it is to get the data via browser. Someone at 1Pass or on hacker can actually target that website to grab the secret get and therefor get access to all my data?

2) Same thing with the 1Pass app, if someone manages to tamper with the source code he/she can get all the user/pass/secret data and pull down the all the password. This can not be done if the user is using his own storage for data or even dropbox.

Large scale exploit would be super hard to accomplish if the secret repository is all over the place where the user decides instead of having millions of password in one place in the cloud?

My point is, 1Pass is probably a huge target and does not seem to be far from reality to hit a large scale password breach?

Please help me understand why it is secure or more secure than using local respository. As far as I can read, 1Pass 8 only supports this one place for storing data - That is in the 1Pass cloud?

Thank you,
best regards,
Gunnar


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • Hello @gunnaringvi,

    Thanks for your message and interest in updating to 1Password 8!

    Security is our number one priority at 1Password. With a 1Password account, the secret key and account password are the "keys" both required to unlock and decrypt your data in your 1Password database. This goes for the app as well. With the data stored locally, or on 1Password, a malicious user that has access to your database, can't decrypt it without both "keys", which are only known to you. Below I'd like to provide you with a few links that go into further detail about 1Password Security:

    I'd also like to point you to our White Paper if you are interested in a further look at 1Password Security.

    If you'd like to take the next step in upgrading to 1Password 8, I'd urge you to get in touch with our support team who can assist with migrating your data over from 1Password 4. We can be reached at support+forum@1Password.com. Once you've sent your email, can you provide us with the support ID that will arrive in this format [ABC-12345-678]. This will help us to locate your email so the appropriate team can assist you further.

    Looking forward to hearing from you soon.

This discussion has been closed.