I emailed to the support email address earlier in the week about a security flaw I discovered - a potentially serious one. I received automated email back but nothing else. I emailed again today along with screen shots. It appears that all my password data is available through Firefox opening of 1Password.html subsequent times on the same computer, after having been initially opened using the master password, until the computer is re-booted. This in Windows 7 Ultimate. I've confirmed this multiple times. When I initially open 1Password.html with Firefox on a freshly booted computer I get the main password window. After I've entered the password once I can continue to access all data without having to re-enter master password through the small "key" symble in the browser window so long as I don't re-boot the computer.
This is an obvsious serious security flaw. However, of more concern to me is where/how is the master password requirement being bypassed. Is this stored somewhere on the computer in memory or somewhere else where it is available to a hacker, how secure is my data on my ipad and iphone, in Dropbox, or on a thumb drive.
I spent quite a bit of time migrating from eWallet and I do love 1Password, but now I'm having very serious second thoughts after spending nearly 70.00 on a program that lets me get at my data for the rest of the day on my compuer, without challanging password entry each time.