“Sandboxed Mac apps can record your screen at any time without you knowing”; tips?

XIII
Community Member
edited February 2018 in Mac

Felix Krause: “Sandboxed Mac apps can record your screen at any time without you knowing”

https://krausefx.com/blog/mac-privacy-sandboxed-mac-apps-can-take-screenshots

Any additional tips? (There are some in the article)

Comments

  • Lars
    1Password Alumni

    @XIII -- not really, no. There isn't much we can do that we're not already doing, to help protect you from this. First, any NON-Mac App Store app already had this functionality (ability to record screen shots), and it hasn't been a problem that we've observed. Additionally, the default behavior on a fresh install of 1Password for Mac is for passwords to be obscured. Users can change this in Preferences, but obviously we'd recommend you NOT do that.

    Beyond that, the only time an app -- or a shoulder-surfer or nearby video camera, for that matter -- would be able to see your actual passwords would be on the hopefully rare occasions when you either reveal them or use the Large Type feature on individual passwords. Is it possible a malicious app could capture a password this way? Yes, in the same way a video camera or shoulder surfer could. Is it likely? Well, that depends -- if you've switched off the password obfuscation in Preferences, or you're often in the habit of revealing or using Large Text, the chance goes up. But the real answer here has to do with maintaining good security practices as a habit instead of relying on the tools alone. I know YOU do this, but for anyone else reading: don't install apps or utilities from sources you don't trust, no matter what kind of killer functionality they might give you. Don't click on links to URLs or (especially) executable files from unknown sources. Try to verify the hashes of software you download before you install it, when you can. Use the Mac App Store if you have a choice to, as Apple provides additional vetting of software they allow onto the Mac App Store.

    It's important to remember, as Krause himself says in his post, this is only exploratory and a proof of concept -- he's aware of no such instances of an app even trying this, much less succeeding. Neither are we. Is it possible? Only under very specific conditions. Is it likely? Not that anyone's aware of.

This discussion has been closed.