How safe is 1Password Mini from malware attacks
Hi, We are seeing a lot in the news about Malware installed on home computers swiping browser stored usernames and passwords for secure sites. I NEVER allow my web browser to store ANY credentials, well except for one site (very irritating) that always autochecks the "remember me" checkbox faster than I can uncheck it while 1Password Mini enters credentials for me... But I DO USE 1Password and more pertinent to this discussion, 1Password Mini, to enter credentials for me on quite a few sites where I want to be able to log on securely.
How vulnerable do you think 1Password Mini might be to Malware that might be able to infect it, like it infects browsers themselves, and swipe all my credentials??? Is 1Password itself safer than using Mini???
The more I read, the scarier everthing about internet security seems to be. I'm just trying to do the best and smartest thing short of tossing all my computers and giving up on the internet.
Thoughts?? thanks...
1Password Version: 6.3.1
Extension Version: Not Provided
OS Version: 10.11.5
Sync Type: Not Provided
Comments
-
Hi @ditto,
First, I'll answer the easy one. If you have malware on your machine with sufficient privileges, it makes no difference whether you use 1Password main app or mini - they're both equally vulnerable as is any other apps you are running. But if you are concerned over a rogue website or a browser with malware javascript running "reaching through" the extension into 1Password mini, we've got you covered there. We have an article written on how we keep 1Password mini secure: https://support.1password.com/mini-extension-security/
We also have a series of articles related to malware. They're a bit older and were written regarding a specific malware attack, but still contain relevant information: https://blog.agilebits.com/2012/04/30/only-you-should-0wn-your-data-part-1-1password-and-flashback/
Those can be a bit lengthy, but feel free to ask any questions you may have.
While reading about malware, it's easy to become paranoid and stop wanting to use computers altogether, but I hope I can offer some perspective. Car accidents don't stop us from driving, house break-ins don't stop us from living in houses, and malware shouldn't scare us away from computers. There are a lot of risks in life. Like anything, we maintain awareness and do what we can to mitigate that risk, but we don't let it control our lives.
And of course, malware doesn't magically appear on our computers. We or our software has to let it in. We prevent that by doing the following:
- Don't open mail and message attachments you aren't expecting, even if they appear to be from someone you know. That person could have malware that emails it to everyone in their address book.
- When you see a link in a mail message, always be suspicious. Hover over the link with your mouse pointer and it will show the true link. There's a difference between https://www.facebook.com/login and https://www.facebook.com.sketchysite.org/login. When there's more between what you expect
www.facebook.comand the first/- it's best to ignore the link. - When logging into a site, check the address bar - it should have the proper site name, and a lock to indicate it's a secure site. Without those, be suspicious. Also if 1Password mini doesn't show the login item for the site you are on, and you know you have one, check the address bar. 1Password mini will only show that login if the site matches what you've saved in 1Password.
- Don't install software that you don't know where it came from. Research vendors before trying out their software. Read reviews, ask colleagues, etc.
- Keep up with your software updates - they contain security fixes designed to stop malware from entering your computer.
I hope that helps. Feel free to reply if you have further questions.
Cheers,
Kevin0 -
I appreciate the feedback... I will read your articles shortly... thanks much... bob
0
