Can Hack Risk Be Reduced by Uninstalling 1Password Mini?
After reading the AgileBits blog about the current Mac OS vulnerability it sounds like I could reduce the hack risk for 1Password by uninstalling the 1Password mini app until/if Apple fixes their problem. Is this accurate? Can I just use the main 1Password App only without the mini app, and if so, will it reduce this hack threat?
Comments
-
You could use it that way, but the question about security was answered somewhere else in the forum. There is a larger security risk of copying your data into the clip board, where its is much more easily accessed, than of letting mini do its work.
0 -
@georgebh please see the very long discussion here in the Lounge. (A good place to start in that long thread is the post to which I've linked.)
Stephen
0 -
Thanks. I will read it.
0 -
1PW mini is the heart of 1PW, so I don't think you can uninstall it. You can certainly uninstall the browser extension. That gets rid of the vulnerability, though it makes entering passwords harder (you would have to use copy and paste).
But all that's really needed is to be careful when installing new apps. Make sure you trust the developer, and don't assume any more that an app from the App Store is guaranteed to be safe
0 -
Thanks @danco - that's a good point!
@georgebh, as danco said, 1Password mini cannot be uninstalled (without uninstalling the whole 1Password app, of course). It can be disabled from the 1Password preferences, or you can uninstall the 1Password browser extension, but then you would need to copy & paste data from 1Password into websites - and as hawkmoth mentioned, that's a much bigger risk.
In the comments of our blog post about this, one of our other team members, Khad, also mentioned this:
I believe it is much easier for malware to grab data from your clipboard than to exploit the issue discussed here. It is much safer to use the extension than to be shuttling passwords on your clipboard all the time.
Also, keep in mind that if a malicious app gets installed, it could just replace 1Password to steal your master password and data more directly. There is no need for all the song and dance.
The best thing to do is remain vigilant when installing software from trusted sources and trusted developers.
The link to the topic about this in our Lounge (from Stephen's message) has a ton of great information about all of this, so I highly recommend taking a look, especially at the post from jpgoldberg (which should be the first post you see when opening that link).
Please let us know if you have more questions about any of that! :)
0
