Heartbleed: Imagine no SSL encryption, it’s scary if you try

A major flaw has been found in the software websites use to encrypt much of our secure communications. 1Password is not affected, but there are some things to be aware of while going just about anywhere on the web right now.

Large even prime number discovered

You have probably been taught that two is the only even prime number. But today mathematicians at the University of Southern North Dakota at Hoople have discovered a new, large, even prime. It is more than a million digits long and is equal to the value of 3²²³⁷⁵⁶¹+3¹¹¹⁸⁷⁸¹. Many people are under the erroneous belief […]

Crackers report great news for 1Password 4

oclHashcat v1.02 support added to crack 1Password Cloud Keychain: http://t.co/Mk9qnu5LhL — hashcat (@hashcat) March 9, 2014 To understand why this is really good news for us and for 1Password users, it is important to know what “crack” means in this context. I’ll come back round to that and why we encourage the developers of hashcat, […]

1Password security doesn’t depend on SSL

The security of your 1Password data does not depend on the security of SSL/TLS. 1Password keeps your data encrypted with your Master Password. This means that, even if an attacker is able to intercept the communication between your system and a sync server, they will not be able to decrypt your 1Password data. From the beginning, […]

Your Master Password is your defense from Dropbox breaches, real and imagined

Rumors of a Dropbox data breach spread this weekend, a breach that ultimately turned out to be false. But even in instances of false alarms, it is useful to remind 1Password users that their 1Password data cannot be decrypted without the Master Password. So let me take this opportunity to remind everyone that your 1Password data […]

The NSA can do what to my iPhone?

After Der Spiegel, along with Jakob Appelbaum at the 30th meeting of the Chaos Computer Club, published an astonishing trove of documents revealing a great deal of the extent of their penetration of the network and capabilities to install spying mechanisms into individuals’ computers and devices, one of the least significant documents is getting the most […]

Time to give 1Password 4 for Mac’s Security Audit a whirl

It was bound to happen eventually. A massive Adobe data theft of 130 million customer names, emails, encrypted passwords, source code, and more will enable almost limitless password reuse attacks in the coming weeks. Suppose you are one of the 130 million people who’s oddly encrypted passwords were among the Adobe password breach. Suppose that […]

1Password and The Crypto Wars

Of all of the revelations about the NSA that began in June and continue to this day, the one that has shocked me the most is the fact that the United States National Security Agency has been deliberately inserting weaknesses into security products and even into NIST standards. In light of this, it is fit […]

How long should my passwords be?

“How long should my passwords be?” A question like this depends on what kinds of password we’re talking about. The requirements for your 1Password Master Password, which you need to be able to remember and type, are very different from passwords you generate using the Strong Password Generator, which you never even have to look […]

Just in Time Decryption

1Password only decrypts what you need at the time you need it. If Molly (one of my dogs) is using 1Password to log in to SquirrelsAreEvil.net, only her SquirrelsAreEvil Login details are decrypted. Her RabbitRecipies Login, along with all her other hundreds of items, remain encrypted. I’d like to explain why this is such an […]