How secure is 1Password?

joaov777
joaov777
Community Member

Hello there,

I've been using 1Password for as long as the trial period lasts. So far, the system has been marvelous. It's been easy to use in every aspect and I have been very happy with its functionalities. However, I have been wondering how secure 1Password is. It's not that I have anything against 1Password. It's just that as a user, I feel a little unsecure regarding getting all my personal information regarding passwords, credit card numbers as well as notes on 1Password's servers. So I wonder if some users (who have been using 1Password for quite a while) and developers would provide me some information about 1Password's best practices regarding security.

I'm really motivated to pay the annual fee for its service. However, I would like to get some input from you first.

Thanks in advance.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @joaov777: Sure thing! The great thing about 1Password's security is that you have the power. 1Password's security model starts with a solid foundation of encryption, so that there's no backdoor (like someone who could be tricked into granting someone else access) so that you can use a Master Password of your choosing to secure your data. It can be as strong as you want it to be. And, on top of that, 1Password uses PBKDF2 to slow down attackers if they try to use automated brute force attempts to guess your password to break into your data.

    If that sounds simple, it's because we've done a lot of work to make sure it is to us as users. So all we have to worry about is choosing a long, strong, unique Master Password, and not telling anyone what it is. I hope this helps. I'm glad to hear that you're enjoying 1Password, and be sure to let me know if you have any other questions. :)

  • joaov777
    joaov777
    Community Member

    Thanks @brenty for your quick response. I had previously checked on this forum and the 1password community here seems to be very active. Which is awesome!

    I have a question. How can I access all my 1password data securely in a scenario in which I don't have my phone or personal laptop close? I mean, would the web environment be secure enough for me to retrieve what I want and log out even when it's done on a arbitrary machine?

    Thanks.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited April 2018

    Thanks @brenty for your quick response.

    @joaov777: You're welcome! :chuffed:

    I had previously checked on this forum and the 1password community here seems to be very active. Which is awesome!

    I agree! We've got a great community here — and we're always happy to help too. :)

    I have a question. How can I access all my 1password data securely in a scenario in which I don't have my phone or personal laptop close? I mean, would the web environment be secure enough for me to retrieve what I want and log out even when it's done on a arbitrary machine? Thanks.

    In that scenario, it isn't the security of 1Password.com you need to worry about; it's the security of the device you're using to access sensitive data. After all, regardless of whether you're using 1Password or not, if you're accessing anything sensitive on a compromised, insecure device, it can be captured. So we do not recommend using 1Password in that kind of environment either.

    Now, in a true emergency, as an act of desperation, you may feel that the risk is justified. But that's a decision only you can make since it's your data.

    Suffice to say it's possible to access a 1Password.com account through the website, but whether or not doing so is a good idea is a judgment call on your part.

  • joaov777
    joaov777
    Community Member
    edited April 2018

    Thanks for the input once again, @brenty . I was wondering if there is any way for vaults to be protected with passwords. I mean, even if I log into my 1Password account on an arbitraty machine which I don't fully trust, would I be able to access only select vaults through password?

    I believe this would be important in scenarios in which I know for a fact I'm more likely to access such data through untrustworthy machines. This way I would still have another layer of security (vault password) in case a keylogger (for example) would keep whatever I typed to log into 1Password.

    Another question: What does that option "Safe for Travel" do on a vault?

    I am not sure whether I was clear enough with my words above. But I appreciate your help.

    Thanks.

  • No, we don’t have an option like that, and we really can’t build options that enable people to follow unsafe practices like logging in from an untrustworthy device. The reality is that if the device is compromised any data that you access from that device would have a high potential to be compromised. If you insist on doing so (you’re an adult; we can’t stop you ;) ) I suppose you could create a second account within your membership that only has access to a subset of your vaults. This would require 1Password Families or 1Password Teams.

    You can read more about Travel Mode here:

    Use Travel Mode to remove vaults from your devices when you travel

    I hope that helps!

    Ben

  • joaov777
    joaov777
    Community Member

    Thanks @ben for your response. I appreciate your support very much.

  • You’re very welcome. :) If we can be of further assistance, please don’t hesitate to contact us.

    Ben

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    Hi @joaov777,

    I'm more likely to access such data through untrustworthy machines.

    I'd like to add to what Ben and brenty have already said. There is a popular myth that things like 2FA or other layers can protect you in such circumstances. But if you can see or uses your secrets on some machine that is untrusted, then whoever has compromised that machine can also see them.

    There are some minor exceptions that depend on various forms of sandboxing the the nature of the compromise. For example, 1Password does keep you safe if an attacker acquires read-only access to your disk or tries to tamper with 1Password data. Likewise it can protect you from superficial key loggers in many uses. But there is nothing that make it broadly safe to use compromised machine. Please be wary of any tool or mechanism that claims otherwise.

  • joaov777
    joaov777
    Community Member

    Hello, @jpgoldberg

    Thanks for your response. I do understand how dangerous it is to access sensitive data from an untrustworthy machine. All of you have been making things very clear to me too. It's a big issue and also a big reason why I'm paying for 1Password service. When I felt like asking and going further regarding this scenario, it's because I wondered what would be my possibilities to access my passwords in every possible scenario. So I gave an example just in case I would be far away from home (as well as from my phone) and had no other way to access my passwords. Then using an arbitrary machine would be the downside of it all.

    I have always been suspicious about everything on the internet and because of that, I have been always suspicious about password managers too. Maybe because I have also heard stories from friends about how security is compromised in many security companies. I truly don't feel like being a victim of that kind of attack. That's why I'm here using 1Password.

    So far I'm satisfied with the support I'm getting from you guys. It's definitely important to keep this level of closeness to the end users.

  • Thanks for saying so, @joaov777. :)

    Ben

  • johneffmiller
    johneffmiller
    Community Member

    I was reading through this very informative thread because I am also concerned with the safety of using the service. You have all given great feedback; however, your insistence that logging in on any unknown or untrusted device is such a terrible idea raises a much bigger concern for me.

    You are all very quick to assert the inability of 1Password to prevent a compromised machine from accessing all of the user's data. In the real world, 99.9 (or more) percent of us do not have 100% secure devices. That is in fact a huge portion (maybe a majority) of the reason that people would turn to this service - in order to limit exposure. If so much of the risk is on the device end, then using a service like 1Password would seem to exponentially increase that risk by putting all of our eggs in one basket, so to speak.

    I am confident that this is a very common concern, and I am very interested in hearing the logic or provisions in place that would address or reduce this risk.

    Which scenario is really more secure? Lots of individual high-strength passsords together in one potentially-accessible vault, or (as is my case) several clusters of medium strength passwords, each shared between a few different sites, but only recorded in my head?

    I hope this question does not come off as snarky or rude. I am in fact very interested in using this service. If you have any ideas about this that could help assure me that yours is the safer scenario, I would really appreciate the feedback.

    Thank you,

    John

  • AGAlumB
    AGAlumB
    1Password Alumni

    @johneffmiller: Thanks for chiming in! No offense taken. And, likewise, I hope you won't take this the wrong way, but I do think it's absolutely critical to be clear upfront that 1Password cannot protect us from ourselves. That is, if we grant someone else access to our data either by giving away our credentials outright or, we access data on a system where they have access to everything we do, all bets are off. I'm sure you understand that, but people of a wide variety of backgrounds and levels of interest use 1Password, and therefore visit this forum with questions, so we do want to be crystal clear about that, for anyone who might be reading. Thanks for bearing with us. :)

    I was reading through this very informative thread because I am also concerned with the safety of using the service. You have all given great feedback; however, your insistence that logging in on any unknown or untrusted device is such a terrible idea raises a much bigger concern for me.

    Correct me if I'm wrong, but I think maybe you're taking umbrage with the notion that suddenly everything is exposed if you sign into your 1Password.com account on a compromised machine. That isn't the case, and isn't what we're saying. However, explaining it in terms of "well, something could happen" or "it's likely" or "it's a risk" will be interpreted by a lot of people that it's not a big deal and maybe even could be a good idea, for the same reason people play the lottery: probability is not something humans easily grasp. The odds of winning the lottery are very, very bad. But people still do it. The odds of your computer getting infected are substantially better. I'm getting ahead here, but as you said yourself, "99.9 (or more) percent of us do not have 100% secure devices". And the odds of having data stolen in that scenario are substantially better.

    So I do think it behooves us to advise our customers not to access anything sensitive under those circumstances. I don't think that your estimates are accurate, or that we can even get reliable statistics given the nature of the antivirus business, which has an incentive to inflate them. But as Franklin said, "An Ounce of Prevention Is Worth a Pound of Cure": we're all better off if we're aware of the risks, rather than dismissing them, because then we can practice good security hygiene, both for using technology in general, and also, yes, when and where we use 1Password. Just as I imagine you wouldn't view sensitive information on your computer with someone standing over your shoulder, likewise you shouldn't with someone doing so digitally.

    You are all very quick to assert the inability of 1Password to prevent a compromised machine from accessing all of the user's data. In the real world, 99.9 (or more) percent of us do not have 100% secure devices. That is in fact a huge portion (maybe a majority) of the reason that people would turn to this service - in order to limit exposure. If so much of the risk is on the device end, then using a service like 1Password would seem to exponentially increase that risk by putting all of our eggs in one basket, so to speak.

    How so? In that scenario, whether you're using 1Password, another password manager, Notepad, or Excel to store passwords, your "basket" is exposed to anyone else with the same privileges on that machine as you as you access them. The only benefit to being a 1Password user if the machine is compromised is achieved only if you do not access your data, because in that case, it must be decrypted for you to view it, and then it's viewable by someone else in control of the machine.

    I am confident that this is a very common concern, and I am very interested in hearing the logic or provisions in place that would address or reduce this risk. Which scenario is really more secure? Lots of individual high-strength passsords together in one potentially-accessible vault, or (as is my case) several clusters of medium strength passwords, each shared between a few different sites, but only recorded in my head?

    I'm not sure how you'd even make such a calculation, because ultimately both depend entirely on your actions, which are not known and cannot be accounted for. For example, what does "potentially-accessible" mean? What's the context? Also, "shared between a few different sites" is similarly vague. So the best that can be said is that both approaches have different strengths and weaknesses.

    Storing passwords in your head is the most secure...but the problem is that almost no one can remember strong, unique passwords for everything; and absolutely no one can create truly random passwords (and if they could, again, remembering them is a problem).

    Password reuse is a bad idea because a single site which uses the same one being compromised can then expose n others (depending on how many places it's being used). But the worst thing about that is a password can be compromised through no fault of your own, through a website breach. Those get out on the internet, and can be tried anywhere, to get into other accounts. The only defense against that is a long, strong, unique password for every site, since then one compromise does not expose any others.

    Finally, and intentionally saving this for last, while there is no perfect security for data on a compromised machine, and we want to be sure that we don't lead anyone to believe that (hence the previous 80%), there are a number of ways 1Password can protect against specific types of attacks, even in a risky situation. First, the data on disk is encrypted. Full stop. So if you don't decrypt it to access it, the bad guys can't either. That will foil pretty much any attack. Next, even when you unlock 1Password, it doesn't decrypt all of your data at once; it only does specific things as you access them. A sophisticated attacker specifically targeting 1Password could work around this, but considering you've already let them in, it's better than nothing. Some other useful security measures are Secure Input to prevent your Master Password being captured as you enter it, and using the browser extensions to save/fill credentials, which bypasses the system clipboard (so that other apps even on a "secure" system which are unscrupulous or poorly written can't even mistakenly log 1Password data by monitoring the clipboard).

    Put another way, no one security measure, not even 1Password, can mitigate all risks, especially when we make mistakes and open the door to them. But having a well-thought-out security model and features to support it and guard against different types of attacks helps a lot.

    At the end of the day though, if I hand someone the keys to my car, I can't prevent them from stealing and/or crashing it. And that's why we will always advise against using 1Password in a high risk scenario. It's your call if you ignore these admonitions. Maybe nothing will happen. But because of the risks it's not something we can ever recommend.

    I hope this question does not come off as snarky or rude. I am in fact very interested in using this service. If you have any ideas about this that could help assure me that yours is the safer scenario, I would really appreciate the feedback.

    Absolutely! You raise a lot of reasonable points, and it's always good to discuss them so that we're not all just taking certain things for granted. I hope this helps clarify a bit, and I'm interested in any followup questions you might have. :)

This discussion has been closed.