
Another query about the web client vs native clients, and security

nettle
Community Member
edited December 2019 in Memberships

Hello,

I’ve been using 1Password for years, and am currently using 1Password 6 on a Mac, plus the iOS apps, and syncing with Dropbox. I’d like to upgrade to 1Password 7.

I’m another of those people who’s not fully comfortable with using the web client from a security perspective. I’m aware that the web client doesn’t transmit my master password or secret key to the remote servers. My concerns are due to the potential issues outlined in “Appendix A: Beware of the Leopard” in the security white paper, such as the possibility of a malicious version of the web client being delivered. I’ve also read comments such as this one by jpgoldberg about native clients vs the web client. Even though I know the risk is small, I’d prefer to do everything — or as much as possible — through a (signed) native client.

With this in mind, if I upgrade to 1Password 7, what are my options to completely avoid, or at least minimise, use of the web client?

1) Do I absolutely have to use the web client to administer my account (for example billing), or is that only if I subscribe instead of buying a standalone licence? If I buy a standalone licence, and continue to sync with Dropbox, would that mean I could avoid the web client even for sign-up and billing?

2) In either case, how can I minimise my use of the web client? What functions is it absolutely required for? Could I only use it when I’m setting things up (e.g. maybe only once at the start) and then do everything else in the native clients?

3) Would this presumably reduce the risk, because there would only be a problem if something bad happens the one time that my browser fetches the web client, rather than if I use the web client every time I use 1Password?

4) If I want to get all the benefits of a 1Password subscription (e.g. Teams or Families) rather than a standalone licence, how much can I avoid the web client? Again, can I get away with using it only to set things up at the start before switching to the native clients for day-to-day use?

5) Is there a way to avoid using the web client by administering my account through the iOS app and/or subscribing through Apple’s App Store/in-App purchase? I guess not, otherwise you’d have recommended this already to people who raised this concern?

To be clear, I have no objection to buying a subscription instead of a standalone licence from a cost perspective. I’m very happy to support 1Password, and have definitely got my money’s worth out of my previous licences — thank you!

Comments

  • Ben

    Hi @nettle

    I think one could avoid the web app entirely if using an individual membership billed by a 3rd party (e.g. Apple App Store). For 1Password Families / 1Password Teams you would likely need at least minimal interaction for inviting your family / team members. All of the day-to-day functions can be performed in the apps, but some administrative tasks and 1st party billing are only available through the web app. You can further negate some of the need for the web app through the use of the CLI:

    1Password command-line tool: Full documentation

    In short: I think you can mitigate much if not all of your concern, depending on which level of membership you're considering and how comfortable you are working with our CLI.

    I hope that helps!

    Ben

  • 1pwuser31547
    Community Member

    Hi Ben.
    Have you and staff considered redesigning the web client so that it only acts as an administrative portal and as a way to back up/sync data to registered devices?
    So one would not be able to view or edit vault data (perhaps only edit vaults for Travel Mode), sort of akin to the way data is synced for standalone vaults to iCloud/Dropbox. (I realize these are not true backups per se, like the data on 1PW servers.)

    I think this could mitigate the risk of accessing data via web clients and “force” the safer use of native clients for data access.

    You could also allow more administrative functions in the native clients so that the web portal is essentially for data backup and sync only.

    Thanks

  • Ben

    @1pwuser31547

    Have you and staff considered redesigning the web client so that it only acts as an administrative portal and as a way back up/syncing data to registered devices?

    I don't see us going down that path. While there is a security benefit to using the native clients exclusively (namely code signing), there are also legitimate benefits to the web app (such as being able to access your data in a place where you cannot install software). We're not dictating that anyone access their 1Password data through the web app, but I also don't see us gutting that functionality from it. We built the web app understanding that it wouldn't be able to benefit from code signing.

    You could also allow more administrative functions by the native clients

    This is definitely something that has been discussed, and if there are major changes in this arena this is where I see them happening.

    Ben

  • 1pwuser31547
    Community Member

    OK thanks for the reply.

    Also, as a follow-up: because of app code signing and sandboxing in iOS, would you say that accessing sensitive accounts via their respective iOS apps through the 1PW iOS client (AutoFill enabled) would offer a security benefit over doing so analogously through the Mac 1PW client/browser extension? (current method of use)

    Basically, does the “crypto over HTTPS/crypto in the browser” issue apply when accessing other accounts either through the 1PW iOS native client and their respective code-signed apps, or through the 1PW Mac client and its browser extension?

    Thanks again.

  • Ben

    @1pwuser31547

    The answer to both questions, in short, is no. There is a slightly elevated risk on Mac over iOS because iOS doesn't support browser extensions. If you're using browser extensions other than 1Password, there is the potential that those extensions could be doing something malicious. But if your only extension is 1Password, or you're otherwise (somehow) confident in your other extensions, then the difference is negligible.

    Ben

  • 1pwuser31547
    Community Member

    Thank you.

  • Ben

    Of course. You're most welcome. If there is anything else we can do, please don't hesitate to contact us.

    Ben

This discussion has been closed.