Save over 40% when you secure your tickets today to TNW Conference 💥 Prices will increase on November 22 →

This article was published on October 20, 2015

1Password boosts security to avoid potential data leaks


1Password boosts security to avoid potential data leaks

1Password is changing the way it encrypts users data in an attempt to keep metadata protected.

The move comes after Dale Myers, a sofware engineer at Microsoft, exposed the password manager’s vulnerabilities. Myers post showed that the file formats being used by 1Password were not encrypted, meaning people who use the 1PasswordAnywhere service were having their login details saved in plain text, which isn’t ideal.

The reason 1Password hasn’t been encrypting its metadata is because when it first started out in 2008, it was unmanageable to decrypt users saved URLs every time someone wanted to access one.

This isn’t really an issue for people only using 1Password on their own machines as the company doesn’t save information on its own servers, but using the 1PasswordAnywhere service means the data is being accessed remotely on various machines, making it much more open to attacks.

1Password will be making the transition over the coming weeks, but if you’re concerned about security and want to make the switch now, you can do it manually using the instructions given by AgileBits, the app’s developer.

➤ When a leak isn’t a leak [AgileBits via Engadget]

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with