Extra security at this time?

ashleyk
ashleyk
Community Member
edited April 2022 in Lounge

I sent in a support ticket yesterday, but not yet heard back. Given the situation with Ukraine and reports that cyber attacks against the west are imminent I think we would all appreciate some reassurance that our data stored with 1Password is safe and perhaps some advice where possible on other steps we should be taking. I no longer even see the option for regular local backups of the vault like I had in the past.

I have heard that various governments are advising against using Kaspersky for anti virus software and that there is a Russian virus called Cyclops Blink that is specifically targeting Asus routers. No doubt there are other Russian related threats out there.

My wife is Ukrainian and all her family are still out there. The first hand accounts I have heard leave me in no doubt Russia wouldn't hesitate to launch attacks on our data if it undermined our response to the invasion.


1Password Version: 8.7
Extension Version: 2.3.1
OS Version: 12.3

Comments

  • Hey @ashleyk:

    This is a great question. The 1Password team stays alert at all times. And yes, we're currently doing our best and keeping an eye out just the same way everyone else is. But it's our job (and care for our customers) to protect 1Password data at all times, as best as possible, peace or not. Even a compromise of 1Password itself wouldn't lead to the disclosure of your data.

    Keep in mind that someone looking to target you and gain access to your 1Password data would need both your account password, and your Secret Key. Your Secret Key, only being needed once each time you add your 1Password account to a new device, is probably something you don't use often. Be skeptical about requests for your Secret Key and you'll likely be fine. Two-factor authentication is there if you're concerned that someone may acquire both of those secrets from you without acquiring a copy of your encrypted data, but ultimately, depending on encryption-based features is a lot more "comfy" than depending on authentication-based features, so protect your encryption secrets.

    The best advice that I can give at this point has nothing to do with 1Password itself. Be sure that all of your devices are up to date, check for updates manually if you have to. Make sure all the applications you use are up to date, especially your web browser. Go over each application you have installed, and remove anything you no longer use or need. Vet the extensions you use in your browser and consider which ones you actually need. Go over the permissions that each application and extension has, and consider turning off permissions that they don't crucially need. Vet the services connected to your most important accounts (like email or social media), and disconnect anything shady or unnecessary. Use strong and unique passwords everywhere, and follow along with Watchtower to see if anything you use has itself been compromised in some way. Consider enabling two-factor authentication for the individual services you use.

    Most importantly though, don't panic. Be skeptical, but not scared. Fear is one of the easiest ways to successfully phish someone, so keep that in mind when securing yourself. Being careful is fantastic advice, but don't over do it. Stay safe out there, and please get in touch if there's anything else we can help you with.

    Jack

This discussion has been closed.