What protects my passwords from a virus on Windows?

I am an avid user of 1Password on Mac, and recently purchased a PC so I could have a lightweight, cheap laptop to take notes on in grad school. I've found that I use 1Password so much that I would like to put it on my PC as well. However, I trust this little notebook about as far as I can throw it. Without even going to sketchy websites, it regularly does things like change new tabs in my web browser to be a Google look-a-like. Nothing that seems like an aggressive virus has happened, but it makes me wary of putting all my most important information like passwords and credit card info on the computer. Could someone please walk me through what I can expect in terms of protection from 1Password if my computer were to become infected, and under what circumstances I should not expect my information to be safe? Any other thoughts are also welcome (including a virus protection software recommendation, but that would just be a bonus.)

Thanks!

Christie
Chapel Hill, North Carolina


1Password Version: 4
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: Dropbox
Referrer: forum-search:What protects my passwords from a virus on Windows?

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    Without even going to sketchy websites, it regularly does things like change new tabs in my web browser to be a Google look-a-like. Nothing that seems like an aggressive virus has happened, but it makes me wary of putting all my most important information like passwords and credit card info on the computer.

    @christieps: I'm glad you brought this up! Now, I'm not sure what you mean with the 'Google look-a-like' stuff, so I won't comment on that without knowing more details first. Let me know!

    Could someone please walk me through what I can expect in terms of protection from 1Password if my computer were to become infected, and under what circumstances I should not expect my information to be safe?

    The short answer is that your vault is stored and encrypted using your Master Password. You can read about this in more detail in the knowledgebase:

    How does 1Password keep my data safe?

    Keep in mind that anything (or anyone) you give access to your system, if malicious, could simply access data as you do. After all, you need to unlock 1Password to use a login. And while it is stored on disk encrypted, it needs to be decrypted temporarily for it to be of any use to you. For example, if you mistakenly install a malicious app, it could simply collect data as you use it — or a malicious person with access to your machine could install something for the same purpose.

    But we're very conscious of this, so 1Password ~doesn't~ decrypt all of your data when you unlock the app. Instead, it only decrypts each item as you use it, so that your vault cannot be compromised simply by installing a malicious app. But it's important to only install software from trusted sources, because if you do give up your system to malicious software, anything ~not~ encrypted will be fair game. At the point when someone else 'owns' it, all bets are off. 1Password cannot protect you if you give your vault + password to someone else (or simply hand over the data in unencrypted form).

    Any other thoughts are also welcome (including a virus protection software recommendation, but that would just be a bonus.)

    On a more personal note, I don't use antivirus software on my main machines. While antivirus software can protect us from many known threats, unknown threats and zero-day exploits found in the wild are often impossible to detect until the vendors 'catch up', update their software, and we install the update on our own machines. In the mean time, it is often trivial for us to infect ourselves. So in the most critical stage there, our only defense is our own secure practices. There was some discussion about this earlier. I can't really top Alex's advice there, but here are some key points:

    • Install software only from trusted sources
    • Never accept anything you haven't sought out yourself
    • Remember that everything free has a hidden cost

    I think it all boils down to skepticism. Keep a clear perspective, don't fall for fear mongering, and don't take any one person's word for it — including mine. ;)

    Just keep in mind that neither 1Password nor antivirus software can protect you from yourself. When we hold the 'keys' to our data (or the computer itself), we need to guard it jealously. 1Password encrypts your data to secure it, but if you give someone your vault and Master Password they can access it just as you can. And antivirus can't stop you from running malicious software.

    I hope this helps. Be sure to let me know if you have any other questions! :)

This discussion has been closed.