Security concerns around 1Password7

Hi,

I've recently come across the following article highlighting a few alarming security concerns with regards to 1password7 and it's memory management and wanted to find out if any of them have been resolved and what's still outstanding?

Here is the article:
https://www.securityevaluators.com/casestudies/password-manager-hacking/

Thanks.

Comments

  • BenBen AWS Team

    Team Member

    Hi @roligov,

    This is an important topic, and it should not be taken lightly. Everyone needs to evaluate what their threat model is and see what protections are appropriate based on their situation. There will never be an all-encompassing piece of software which will allow you to say that you are "secure." That said... 1Password, including 1Password 7 for Windows, can absolutely help you move toward that goal. In summary: we agree that there are improvements that can and should be made both by us and by the industry as a whole. Using a password manager is still much better than not using one. We'll continue to look for ways in which we can address these concerns without creating others.

    We have published a knowledge base article on this issue. That article is available here:

    Managing 1Password Secrets in Memory

    If you have specific questions that have not been addressed in the above article, or if you'd like clarification on any points, please feel to reach out directly to our security team at [email protected].

    Thank you.

    Ben

This discussion has been closed.