Security and keyboard drivers

@Paracas:

These drivers have direct access to the keyboard inputs and could, in theory, capture many confidential information (example, Logitech G Hub).

From a technical point of view, if these drivers can have direct access to keystrokes, then they have the possibility to capture all your typing information, despite protections put in place by applications installed on this machine. 1Password adds several layers of protection against various types of attacks (keyloggers included), but they cannot perform miracles on a compromised machine [1].

Therefore, anything you do to lower your attack surface is beneficial to your overall security posture. Not to mention that access to information stack layers below the one 1Password works at can be difficult to handle (or even detect) at the application layer (as is typically the case with drivers).

Should we be confident in the security model of these drivers? Or is it better to avoid or uninstall them altogether?

This is a judgement call that only you can make: do you trust the issuer of the drivers, and the security model of the drivers? And even if you do consider the drivers trustworthy right now(perhaps because you trust the company behind them, or perhaps because you have investigated the code yourself), they still are another potential avenue of attack, as they could still get compromised in the future: the fact that they have access to this information in the first place is what makes them risky. Only you can decide whether the benefit these additional features bring you overweigh the security risk.

===
Daniel
1Password Security Team

[1] From a security perspective, having access to keystroke information is equivalent to having a keylogger installed, so in that sense 1Password must consider that system compromised.