SECURITY
1Password inter-process communication: a discussion
Wherein we discuss how 1Password protects inter-process communication in the face of cross-app resource access (XARA) attacks.
Suppose you change your Master Password on one of your computers. The next time you unlock 1Password on some other device, you can unlock it with your new Master Password. How can 1Password on the second machine accept the new Master Password if we are careful to never store it?
There are a lot of technical terms that mean something very specific to cryptographers but often mean something else to everyone else, including security professionals. Years ago I wrote about what it means to say that a cipher is “broken”. Today’s word is “infeasible”.
I’d like to take a moment to talk a little bit about how people who study password behavior go about their job. In the process, I would like to thank all password researchers and, in particular, Mark Burnett for both his years of excellent research and the help he has provided to other researchers. He is unequivocally one of the good guys, even if …
Editor’s note: this blog was published in 2015, and refers to versions of 1Password that are no longer available.
Copy & Paste clipboards (or “pasteboards” as they are called on Mac and iOS) can be dangerous places for secrets if you have malicious software running on your device. On most operating systems – mobile and desktop alike – most running applications can read from the system clipboard. When you copy a secret to the system clipboard, a malicious …