iOS can be hacked! Is my 1Password information safe?

The very short answer is that your 1Password data, including information that 1Password stores in your iOS keychain, remain safe despite recent press reports that might suggest otherwise.

When reading press reports such as the one in PC World about work done by researchers at Fraunhofer Institute for Secure Information Technology it is easy to get the impression that _all_ information stored in the iOS keychains can be acquired by an attacker. But that isn’t true. Only keychain information that is stored in the weakest of “protection classes” is exposed. 1Password uses the strongest protection class, and so your credentials used to automatically sync your data with Dropbox remains secure. This includes your master password on your device, your Dropbox login information, and your master password for your data on Dropbox.

I will write about this in more detail in a follow-up blog post, but I wanted to get the word out that in our security design, we anticipated that phones can be jail broken and various protection schemes can be subverted. We are pleased to say that our caution in how we store things in the iOS keychain has paid off for our users.

If you’re interested, the [original research][sit_PDF] that led to the recent spate of articles is an enlightening read.

[sit_PDF]: http://www.sit.fraunhofer.de/en/Images/sc_iPhone%20Passwords_tcm502-80443.pdf

We'd love to hear your comments in our forum!