is my data in 1Password vulnerable to spyware when the application is open for data entry?
This is a pre-sales inquiry. I use Apple Mac and Android devices. I use Avast Mac Security with Secureline VPN on my Mac systems and Armor for Android on my smartphone, but I know there is always the possibility that a new spyware threat could slip through frontline security. I need to know just how secure my information would be in 1Password. I think the situation in which my data would be most vulnerable to spyware theft would be while the application is open with internet connectivity, while I'm performing data entry. Can 1Password security fully protect my information in any situation of normal use?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:vulnerability to spyware during data entry
Comments
-
Greetings @deanctil,
I think the best way to start this discussion is to point you towards a couple of post by our resident security expert, Jeffrey Goldberg. The posts can be found at:
- Watch what you type: 1Password’s defenses against keystroke loggers
- 1Password inter-process communication: a discussion
The first is actually referenced in the second. I figure these might help and I doubt I can do a better job than Jeffery has. It may help answer your question or simply generate more but it's a good place to start I believe :smile:
0 -
Can I operate 1Password for data entry without a live internet connection?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided0 -
Can I operate 1Password for data entry temporarily, without a live internet connection? Would this reduce the risk of spyware acquisition of data that I enter?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided0 -
Thank you very much. I've posted a follow-up question.
0 -
Yes: 1P never needs an Internet connection if you don't need one. In other words, all your 1Password data are stored locally so you can edit and view the data to your heart's content when you're off-line.
Edit: @deanctil I answered your older post then found the newer one. Please avoid posting in two threads about the same problem as it makes support more of a challenge and also makes it's harder for you to find the answer you need.
Would this reduce the risk of spyware acquisition of data that I enter?
I suppose that might possibly be so—although much spyware won't rely on you being on-line other than at the time it's downloaded and at the time it "reports to base". Personally I never worry about going off-line in order to add to or edit 1P data.
Stephen
0 -
Hello @deanctil,
I don't really have much to add to Stephen_C's response. He's correct that 1Password doesn't require an active internet connection and like him, I doubt working off-line would help at all if your machine is compromised. Essentially if you can't trust the operating system there's little you can do except wipe the machine.
0
