How do you secure 1Password data on the macOS app store client?

Raz_Diaphed
Community Member
edited May 2020 in Mac

Your whitepaper states that the content is incomplete. I'm curious how you secure the data on macOS in the following situations, assuming that FileVault is off, has already been decrypted, or the macOS user is logged in:

  • 1Password is locked and requires the master password.
  • 1Password is locked and requires only Touch ID.
  • 1Password is unlocked by the user, and a hostile process is attempting to read the vaults.

Are there any differences between personal (1password.com) and primary (standalone) vaults in these situations?

Thanks!


1Password Version: 7.5
Extension Version: Not Provided
OS Version: macOS 10.15.5
Sync Type: Not Provided

Comments

  • DanielP
    1Password Alumni

    @Raz_Diaphed:

    1Password is locked and requires the master password.

    In this case, your 1Password data will be encrypted until you enter your Master Password. 1Password encryption is unrelated to FileVault, which could be enabled or disabled on your system.

    1Password is locked and requires only Touch ID.

    Same as above: until you unlock your 1Password app, your 1Password data will remain encrypted on your system.

    1Password is unlocked by the user, and a hostile process is attempting to read the vaults.

    In such a scenario, you have the possibility of a hostile process interfering with 1Password security. You should not run 1Password on a device that you suspect is compromised. 1Password goes to great lengths to protect your data, and has several layers of security to do this, but an already-compromised system cannot offer you the security required for 1Password to do its job properly. In other words, if the foundation is rotten, everything that you build on top of it has the chance to not work properly as a consequence of this.

    Are there any differences between personal (1password.com) and primary (standalone) vaults in these situations?

    No, the only difference comes down to the Master Password used to unlock your 1Password app. If you have a Primary vault, 1Password will unlock using that Master Password, which has unlocking priority. If you do not have a Primary vault, you will unlock 1Password with the Master Password of the first 1Password account you have added to the app.

    ===
    Daniel
    1Password Security Team

This discussion has been closed.