1Password data in iOS keychain remains safe
by Jeffrey Goldberg on
The very short answer is that your 1Password data, including information that 1Password stores in your iOS keychain, remain safe despite recent press reports that might suggest otherwise.
When reading press reports such as the one in PC World about work done by researchers at Fraunhofer Institute for Secure Information Technology it is easy to get the impression that all information stored in the iOS keychains can be acquired by an attacker. But that isn’t true. Only keychain information that is stored in the weakest of “protection classes” is exposed. 1Password uses the strongest protection class, and so your credentials used to automatically sync your data with Dropbox remains secure. This includes your master password on your device, your Dropbox login information, and your master password for your data on Dropbox.
I will write about this in more detail in a follow-up blog post, but I wanted to get the word out that in our security design, we anticipated that phones can be jail broken and various protection schemes can be subverted. We are pleased to say that our caution in how we store things in the iOS keychain has paid off for our users.
If you’re interested, the original research that led to the recent spate of articles is an enlightening read.