How can we know that your app stores password in a safe way

pregmatch
pregmatch
Community Member

Your app i similar to Telegram chat story. First and basic rule of any security is do not implement it on your own.

The only way that I would use your app is that I know how, where and in what way your it stores sensitive data. The only way that I can be convinced is that you make your app open source and put gpl licence on it.

I think that you are taking people trust. For other that are interested in security little bit more then averege internet user I need your app to be verified and constantly double checked.

That being said. Thank you but no thank you. Do not be like other companies do something that meters.

Comments

  • Ledgem
    Ledgem
    Community Member

    What's the point of this post? You want 1Password to be open source? Take a look at what happened to OpenSSL recently, as well as Linux Kernel bug CVE-2014-0196, which went undetected for five years. The idea of "many eyes" in open source is nice in theory, but in practice it's clearly not a panacea.

  • hawkmoth
    hawkmoth
    Community Member

    I'll chime in that it would likely be hard to keep a business running if the product is open source and licensed under GPL. But it's also worth noting that AgileBits does publicly discuss exactly what security methods they employ and how they go about doing so. The blog on the main site is worth a look.

    Of course, that presumes that @pregmatch‌ is actually interested I learning more about the software and was posting in order to learn more.

This discussion has been closed.