Is 1Password Mini safer with El Capitan? Has the security breach problem been fixed?

kohls

I have been avoiding the 1Password Mini and accessing websites directly from the app. Is the Mini safe now with El Capitan?

---

1Password Version: 5.3.2
Extension Version: 4.43
OS Version: 10.11
Sync Type: Dropbox
Referrer: forum-search:Is 1Password Mini safer with El Capitan? Has the security breach problem been fixed?

AGAlumB

@kohls: To be clear, 1Password mini is not vulnerable. And so long as you keep 1Password mini running, even in the event that you were to install malicious software on your Mac, it will not be able to impersonate 1Password mini if it is already running. I hope this helps! :)

kohls

I think I turned off the mini briefly at one time when all the fuss about XARA was going on. Was it vulnerable then? And am I safe now that its back on?

AGAlumB

@kohls: Sorry for the confusion! I touched on this in my previous post, but as discussed on the AgileBits blog and 1Password knowledgebase,

What you can do
1. Check “Always Keep 1Password Mini Running” in Preferences > General
In the specific attack that Luyi Xing demonstrates, the malicious malware needs to be launched before the genuine 1Password mini is launched. By setting 1Password mini to always run, you reduce the opportunity for that particular attack.

This hasn't changed. We still recommend keeping 1Password mini running at all times, as this will prevent any other app from being able to assume its identity. I hope that clarifies things. :)

kohls

OK. Thanks. I'll leave it on.

Drew_AG

@kohls, on behalf of brenty, you're very welcome! If you have more questions or need anything else, be sure to let us know - we're always happy to help. :)