security concerns about 1password.com
Hi!
I just migrated from my standalone 1Password 6 license to 1Password account. Now I have some concerns about it…
The 1password.com website can reveal passwords on a webpage. Well it is claimed to be end-to-end encrypted, but that means browsers decrypt the data locally. But browsers are known as very very complicated softwares and JavaScript is not good at clearing objects in memory. So if the browser get compromised (buggy or use a "backdoor-ed browser"), does that mean the data is unsecured?
Personally I installed many plugins and extensions in my browser, but it is quite impossible to confirm all of them are absolutely secure. Sometimes you also have to see passwords on a public computer… So I'm thinking that if using the 1password.com website can cause security problems.
Thank you! That's pretty important to me.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
You may be interested in reading the answers I got to a similar question here:
https://discussions.agilebits.com/discussion/comment/333986/#Comment_333986
I've started using profiles in Chrome because of this.
0 -
@BXIA: Indeed, defnitely check out the discussion pervel linked and don't hesitate to ask any followup questions you may have.
The biggest risk with regard to using 1Password in the browser is that you may be giving other extensions access to everything you do there...but this risk isn't limited to 1Password.com or even the 1Password browser extension, but rather anything you do in your browser which you would not wish to share.
But you're right that if the browser itself is not trustworthy (compromised by malware or on a machine you do not control) that poses a similar risk. So we each need to take these things into consideration and choose carefully who and what we trust. And asking these kinds of questions is a great way to get there. Knowledge is power. :)
0