Using 1Password for Families, from my office computer/network
I want to use 1Password for Families from my office computer/network.
I hear that my company can do a man in the middle on web SSL, i.e. in my browser, I think I see the company cert proxying the SSL.
How can I be sure that someone in IT cannot see my bank, or my Secret Key and Master Password, when I use 1Password for Families on the company computer, or on their WiFi (assuming I use a personal PC)?
Comments
-
Hi @Endicot - Well this ties right into your previous question :smile: I'll be happy to explain how we secure your data in a little more detail.
There are three umbrellas of security protecting your 1Password.com account. Before all of them is your Master Password and Secret Key. In the standalone version of 1Password, everything is protected by your Master Password and all the security wizardry in the app. But in Families, the Secret Key is used to strengthen things even further. If you have a weak password, it's very unlikely someone will be able to access your data because the Secret Key is a 128-bit string of characters that's generated locally when you set up your account. It never leaves your device, and we ask that you print it out to have a copy in case you need it later.
It’s great to have a Master Password and Secret Key protect your data, but they also need to communicate with the server to access your data, so we use three layers to protect things at rest and in transit. The first layer is based on your Master Password and Secret Key, which are used to derive a secret that is used to securely encrypt all of your data, both at rest and in transit between your devices and our servers. The second layer is based on the Secure Remote Password protocol. It allows your devices and our servers to make sure they are who they say they are. This provides an additional layer of protection against attack. The third and final layer is the standard TLS/SSL protocol. This layer provides a final layer of encryption and also allows your web browser to indicate that you were communicating directly with a 1Password web server.
I hope this helped. If you'd like to learn more about the security of 1Password, head to https://1password.com/security. Let us know if you have any additional questions, I'll be happy to assist. Have a great weekend :+1:
0 -
Thanks. So layers 2 and 3 will prevent the company IT from being able to do a man in the middle on my 1Password?
0 -
@Endicot: Indeed! A lot of companies and "security" vendors break SSL/TLS, perhaps not for malicious reasons, but still this is a risk to anything we transmit, since it could be misused. And while 1Password only transmits your data after it's encrypted, and never transmits your Secret Key and Master Password, it's important to note that 1Password may not actually be able to establish a connection since it will be rejected if it is not end-to-end encrypted. So be sure to take advantage of the free trial to test for yourself in the environment you'd need to use it in.
0
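An added illustration of the Secure Remote Password layer described in the replies above (not part of the thread and not 1Password's code): a minimal SRP-6a exchange showing which values a TLS-intercepting proxy would see on the wire and that the session key only matches when both secrets are right. The toy group, the way the Master Password and Secret Key are combined in `derive_x`, and all names and sample values are assumptions made for this example.

```python
import hashlib, hmac, secrets

# Toy group for readability only: far too small for real use.
# Real SRP deployments use the large safe-prime groups from RFC 5054.
N = 2**127 - 1
G = 3

def H(*parts) -> int:
    """Hash length-prefixed parts to an integer."""
    h = hashlib.sha256()
    for p in parts:
        data = p if isinstance(p, bytes) else str(p).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big")

K = H(N, G)  # SRP-6a multiplier

def derive_x(salt: bytes, master_password: str, secret_key: str) -> int:
    # Assumption for this example: slow-hash the password, then key an
    # HMAC with the Secret Key. Not the vendor's actual derivation.
    slow = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, 50_000)
    mixed = hmac.new(secret_key.encode(), slow, hashlib.sha256).digest()
    return int.from_bytes(mixed, "big")

def enroll(salt: bytes, master_password: str, secret_key: str) -> int:
    """Done on the client once; the server stores only (salt, verifier)."""
    return pow(G, derive_x(salt, master_password, secret_key), N)

def login(salt, verifier, master_password, secret_key):
    """One SRP-6a exchange. Returns (client_key, server_key, wire)."""
    a = secrets.randbelow(N - 2) + 1            # client ephemeral secret
    b = secrets.randbelow(N - 2) + 1            # server ephemeral secret
    A = pow(G, a, N)                            # client -> server
    B = (K * verifier + pow(G, b, N)) % N       # server -> client
    u = H(A, B)
    if A % N == 0 or B % N == 0 or u == 0:      # standard SRP sanity checks
        raise ValueError("invalid SRP public value")
    x = derive_x(salt, master_password, secret_key)
    s_client = pow((B - K * pow(G, x, N)) % N, a + u * x, N)
    s_server = pow(A * pow(verifier, u, N) % N, b, N)
    client_key, server_key = H(s_client), H(s_server)
    m1 = H(A, B, client_key)                    # client proof sent to server
    wire = {"salt": salt.hex(), "A": A, "B": B, "M1": m1}
    return client_key, server_key, wire

if __name__ == "__main__":
    salt = secrets.token_bytes(16)
    v = enroll(salt, "correct horse", "A3-CONSTRUCTED-SAMPLE-KEY")
    ck, sk, wire = login(salt, v, "correct horse", "A3-CONSTRUCTED-SAMPLE-KEY")
    print("keys match:", ck == sk, "| visible to a proxy:", sorted(wire))
```

Everything in `wire` is what an intercepting proxy can read after breaking TLS; neither secret nor the resulting session key is among those values.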