Key Logger
Comments
-
Hi @bridgeaim - thanks for the question! The answer is: it depends on a number of factors. To be clear, if an attacker has managed to either socially engineer you or otherwise gain access to your computer (remotely or physically), such that they are able to execute arbitrary code, running as root, then your computer can no longer really be considered your own. Having said that, 1Password does provide some robust defenses, even in such cases. This blog post from 2014 by our Chief Defender Against the Dark Arts, Jeffrey Goldberg, is a good example of the kinds of countermeasures we were taking all the way back then.
We like to tell people who are interested that security is a process, not a product. It's something the user him/herself has to participate in actively and regularly for it to be comprehensive. If there were a single product that could demonstrably keep users safe at all times, under all circumstances, everyone would already own it, no matter how much it cost. Perfect security forever? Yes, please -- just tell me how much I need to pay!
In the real world, neither 1Password nor any other product can (reasonably) claim to be that perfect product. There are certainly ways that have nothing at all to do with 1Password by which your computer could be compromised to such a degree that yes, your Master Password, your Secret Key (if you have a 1password.com account), and therefore, all your data stored in 1Password could be compromised. Used correctly (i.e. - create a long, strong Master Password and do not share it with others, etc), 1Password will keep your data securely encrypted and as close to impenetrable as we can make it. But if you feel (or you know for certain) you've been the victim of a keylogging attack or other intrusion onto your computer, I would change my passwords at all the sites you use, starting with the most important/sensitive, and also change the Master Password and Secret Key (if you have a 1password.com account).
0
