Is 1Password Mini safer with El Capitan? Has the security breach problem been fixed?

Options
kohls
kohls
Community Member

I have been avoiding the 1Password Mini and accessing websites directly from the app. Is the Mini safe now with El Capitan?


1Password Version: 5.3.2
Extension Version: 4.43
OS Version: 10.11
Sync Type: Dropbox
Referrer: forum-search:Is 1Password Mini safer with El Capitan? Has the security breach problem been fixed?

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @kohls: To be clear, 1Password mini is not vulnerable. And so long as you keep 1Password mini running, even in the event that you were to install malicious software on your Mac, it will not be able to impersonate 1Password mini if it is already running. I hope this helps! :)

  • kohls
    kohls
    Community Member
    Options

    I think I turned off the mini briefly at one time when all the fuss about XARA was going on. Was it vulnerable then? And am I safe now that its back on?

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @kohls: Sorry for the confusion! I touched on this in my previous post, but as discussed on the AgileBits blog and 1Password knowledgebase,

    What you can do
    1. Check “Always Keep 1Password Mini Running” in Preferences > General
    In the specific attack that Luyi Xing demonstrates, the malicious malware needs to be launched before the genuine 1Password mini is launched. By setting 1Password mini to always run, you reduce the opportunity for that particular attack.

    This hasn't changed. We still recommend keeping 1Password mini running at all times, as this will prevent any other app from being able to assume its identity. I hope that clarifies things. :)

  • kohls
    kohls
    Community Member
    Options

    OK. Thanks. I'll leave it on.

  • Drew_AG
    Drew_AG
    1Password Alumni
    Options

    @kohls, on behalf of brenty, you're very welcome! If you have more questions or need anything else, be sure to let us know - we're always happy to help. :)

This discussion has been closed.