1Password security over public wifi network

CharPatton
CharPatton
Community Member

Hi i love your great program. Thank you for all the work you have put into it.

Here is a question regarding public wifi: how secure is your program when using this? Here's an example- I use a VPN called Anonymizer. It's a pretty good service, but does not have a built in kill switch. It intermittently drops the VPN for reasons that I don't understand. So this morning, while on the airport public wifi system, the Anonymizer connection was dropped. I didn't realize this and used 1Password over a non-VPN connected public wifi network. Does one need to worry about password security in this kind of scenario?

Thank you.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Drew_AG
    Drew_AG
    1Password Alumni

    Hi @CharPatton,

    That's a great question, and I'm glad you're thinking strongly about the security of your data!

    The first thing I should explain is that 1Password is not a service that you connect to or log into - your data is stored locally on your Mac. If you sync your 1Password data using an option like Dropbox or iCloud, changes to your local 1Password vault would be sent to sent to those cloud services through your Mac's internet connection, but your data file is encrypted with an exceedingly secure encryption algorithm called AES. Even if someone were to acquire a copy of your 1Password data file, it would be extremely difficult (approaching impossible in a human lifetime) for them to actually gain access to your passwords without your master password. These knowledgebase articles have more information about how your 1Password data stays safe while syncing:

    Now, some customers ask us if their data is safe when using the 1Password extension in a web browser. The 1Password browser extension doesn't actually contain any of your data, so it doesn't know your master password or any data you store in your vault. When you unlock 1Password from the browser extension, you're actually unlocking 1Password mini (part of the main 1Password app). Data transfers occur locally on your Mac and are encrypted and authenticated. Therefore, your data cannot be sent to any other processes except for the 1Password extension and 1Password mini. We have more information here:

    When 1Password is unlocked, all of your data is still encrypted on disk just like when 1Password is locked. Only the specific piece of data you are accessing at any one time is decrypted. The rest of your data remains encrypted. Also note that even the bit that is decrypted is only decrypted in memory, so if someone were to try to remotely access your 1Password data even while 1Password is "unlocked" the data they would be accessing from your file system is all strongly encrypted like it always is. Decrypted data is not written to disk. For more information on how 1Password keeps your data safe, check out this article:

    There's a lot of information in the above articles, but if you're interested, you can find even more about the security of 1Password here: Security and Privacy

    I hope that all helps to answer your questions, but please let us know if you need anything else. We're always happy to help! :)

  • CharPatton
    CharPatton
    Community Member

    As always, thank you (and your company) for the truly awesome support that you provide! It is greatly appreciated.

    After reading your reply, I looked through a bunch of the article links that you provided and learned tons.

    Mucho Gracias!

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    That's great to hear that @drew was able to help @CharPatton :smile: If you have any other questions we'll do our best to answer those too.

This discussion has been closed.