How secure is this app?
I've been using the Mac version of 1Password for a number of years and am happy with the security around it.
With regard to the Windows 10 beta - should we be using our 'real' data with it? Are there gotchas that we need to be aware of?
For example, I installed the beta on my Windows 10 Lumia 930. I notice that the shortest timeout for auto lock is 30 seconds. So if you are using 1Password to look up your PIN (for example at an ATM) and someone takes your phone, they could have up to 30 seconds to get into your passwords (I can see why the phone may not be set to auto-lock immediately, but 1Password contains highly sensitive info). As such, I'm surprised there is no option for 'Immediately' or '10 seconds' (for those of us who pop out of the app but then remember they need something else, so pop straight back in again). Granted, this is an edge case, but not impossible, as a lot of cell phones are stolen at ATMs.
Equally, when I uninstall the beta, then reinstall at a later date, I see a 'restoring data' section of the store. Is data backed up / synced using Windows syncing? Is this secure enough?
I guess the point is - even though this is a beta - should we be using our 'real' vaults with it at this stage? Has Windows 10 security been evaluated enough so AgileBits are happy with what it is doing?
Comments
-
Thanks so much for taking time to share this feedback with us, @architect1337!
I'm working to gather sufficient information to properly address your concerns, and one of us will follow up here as soon as possible.
0 -
Hey @architect1337,
We take security very seriously with all of our 1Password client applications, and we've got some of the best people in the business making sure we eliminate/limit the vulnerabilities. But I'm glad you're asking these questions and I'll try to address them point-by-point:
> I notice that the shortest timeout for auto lock is 30 seconds. So if you are using 1Password to look up your PIN (for example at an ATM) and someone takes your phone, they could have up to 30 seconds to get into your passwords
The Windows 10 beta has a very aggressive autolock option of 30 seconds, compared to 60 on iOS and five minutes on Mac OS X. But, if you'd like to be sure the app is locked, just hit the lock button before exiting.
> Is data backed up / synced using Windows syncing? Is this secure enough?
Our app does not store any vault data, so there's no need to worry about that :). Your data do not roam, but some of your settings do, and we have them encrypted with your master password, making it very secure, provided that your master password is not easily guessable.
> I guess the point is - even though this is a beta - should we be using our 'real' vaults with it at this stage?
This is a beta, and our users are on the bleeding edge, which comes with some inherent risks. But, there are plenty of people using their real vaults with our app (myself included).
I really hope I've answered your questions sufficiently. Our users are entrusting us with their most sensitive and intimate data, and I want to be sure that you have confidence in our ability to keep your data safe. If there is anything else you'd like to ask, or a point you'd like us to elaborate on, please ask away :)
0