What significance does this have for 1Password users? Maybe I’m misinformed, but I understood 1PW keys are stored in iOS keychain?
1Password Version: Not ProvidedExtension Version: Not ProvidedOS Version: Not ProvidedSync Type: Not Provided
Reading this article it appears an attacker must have access to the user's Apple ID credentials, and if two step authentication is enabled must also have access to a device that is authorized. It seems this just allows them to more easily view data they would have access to anyway?
If you are a 1PW Account/Family/Team member, then the Secret Key is stored in the iCloud Keychain as a convenience. This is so that as soon as you login from an authorized device it is available for you and all you need to do is type in your master password.
No other 1PW information is stored in iCloud Keychain, and particularly, your master password, which may be saved on the local device if you have touch id enabled, never leaves your device, cannot be backed up, etc.
If you are following what Agile bits tell us to do and have a strong, random master password, take care to keep your devices under your control, etc., you should be fine.
@steven1: Great summary! Thank you. :)
Before I used 1Password I would use iCloud Keychain for everything, would you all suggest it's still safe to use for all my passwords or just stick to one service. The only added convenience is I run the iOS 11 beta and I can autofill within apps automatically. I don't store my master password or anything like that in iCloud.
@AskAli: Apple has a really good track record, so while I don't believe that there's the level of information on their security architecture out there (compared to 1Password) I would not have a problem trusting them with a lot of things.
However, iCloud is really not good when it comes to interoperability and portability. Cross-platform support is pretty much nonexistent, and it's pretty tough to get data out of there. So for me the security isn't beneficial since there are other issues that stop me from using it extensively. Ultimately that's something that's up to you though.
@brenty Agreed. I use it just because it’s there. Otherwise I prefer 1Password in every way, which is why I got it in the first place. I just wanted to know if it’s relatively safe to keep stuff on it. Glad to know. :)
@brenty: did you check out this?
@XIII: Defnitely, but some details are missing with regard to the encryption keys. This is certainly partially due to Apple's relative secrecy in the industry, which is understandable to some extent for competitive reasons. But also it may be because Apple has been slowly changing things behind the scenes to move toward having less and less, presumably to avoid future clashes with from law enforcement. I don't know much about the iOS 11 in this regard and am looking forward to the next revision. :)