Still wondering about security against social engineering

GabrielZ
Community Member

I am still wondering what measures AgileBits has in place in-house, in order to secure my confidential information against "social engineering".

I don't have any suspicions and no bad experience, but as a computer scientist I hear frequently that one of the most vulnerable links in the whole data security chain is the human factor.

No offense intended and keep up the good work,
Best regards,
Gabriel.


1Password Version: 6.1
Extension Version: 4.5.3
OS Version: OSX 10.11.3
Sync Type: iCloud

Comments

  • littlebobbytables
    1Password Alumni

    Hi @GabrielZ,

    For personal vaults stored on your Mac or in your iCloud or Dropbox account we have no access. We can't access even the encrypted copy as none of your data is available to us ever. It's this very reason why we also cannot help somebody regain access to a vault as there is no way to reset a Master Password or recover a vault due to data loss.

    For vaults stored in 1Password for Teams and 1Password Families it's not that different. Even though we store the encrypted vaults on our servers we have no way of accessing the contents. We've designed it so we can't help a person recover access to a vault and instead had to work on a way where a team can have people that fulfil that role. We've gone to great pains to try and ensure that even if we store an encrypted copy of the vault that we never have access. This is important to us and not just for reasons such as social engineering but because of the responsibility of holding data for others.

    We do hold certain data in connection to your licence if you purchased a 1Password licence from us. We hold a name and an email address as a minimal set of information and it may include a physical address if you supplied one. I haven't purchased a licence recently so I can't remember if the physical address is required. We're only willing to talk to the actual person and we do take that sort of thing seriously because it's important. In regards to licences the worst case scenario would be somebody stealing your licence and then us supplying a new one to the afflicted person although I've never seen an instance of this in all my time here. 1Password for Teams and 1Password Families does change the landscape and we are busy ironing out all the details because what you're referring to is very important and social engineering is a very real issue.

    I'm not entirely sure I've fully answered your question so I'll wait to see what you think and we can continue the discussion from there :smile:

  • GabrielZ
    Community Member

    Thanks a lot for your great response. (And sorry for the tardy follow-up on my side.)
    The design of the whole system seems to be perfect.
    I am wondering if there are any audits to ensure no backdoors or anything like that could get introduced covertly into the code.

  • Megan
    1Password Alumni

    Hi @GabrielZ,

    We have not run any external audits on the 1Password apps themselves at this time, but we are running a bug bounty program for the 1Password for Teams and 1Password Families service to ensure that everything is ship-shape there.

    If you’d like a more in-depth answer, I’d be happy to bring one of our security experts into the conversation. :)

This discussion has been closed.