Shellshock is bad, unique passwords are good

A new security bug, commonly known as Shellshock (Officially CVE-2014-6271, is bad. It is fair to say that a large number of servers (particularly web servers) were vulnerable to serious attack for some time. It is likely that many still are, and we are unlikely to learn about most of them. What are we do to? Answer: Use unique passwords […]

Watch what you type: 1Password’s defenses against keystroke loggers

I have said it before, and I’ll say it again: 1Password and Knox cannot provide complete protection against a compromised operating system. There is a saying (for which I cannot find a source), “Once an attacker has broken into your computer [and obtained root privileges], it is no longer your computer.” So in principle, there […]

Heads up: Your best defense against the Russian hacker data breach is still strong, unique passwords [Update: And a sale!]

A Russian hacking team claims to have nabbed billions of Logins and email addresses. Fortunately, defending against these breaches is pretty easy with 1Password.

1Password is a very safe basket

—– The right way to build reliable systems is to put all your eggs in one basket, after making sure that you’ve built a really good basket. —– When you use a password manager, you are putting a great deal of valuable and sensitive information in one place. The expression, putting all your eggs in […]

No, you do not need to change passwords in response to the OpenSSL CCS bugs

For the third time this year, there is yet another flaw in an underlying security technology used across the net: the recently fixed OpenSSL bugs announced on June 5. For our customers, we are happy to report that 1Password is not affected by bugs in SSL implementations, nor do these bugs require that most people change passwords. 1Password is not affected […]

Password reuse lands Find My iPhone users in expensive hot water

There are plenty of examples as to why friends shouldn’t let friends reuse passwords, but some users of Apple’s Find my iPhone have become the latest omen of why this practice is so dangerous. On Tuesday, May 27, The Verge reported that Apple’s Find my iPhone feature was being used to lock devices for ransom. […]

Introducing the 1Password Watchtower service for Heartbleed and beyond

When news of the internet’s Heartbleed bug broke last week, we published what we knew about it and the implications for 1Password and 1Password users. To recap: 1Password is not affected by Heartbleed, but there are steps you need to take to protect your passwords from sites that may have been affected. Today, we’re introducing a […]

Heartbleed: Imagine no SSL encryption, it’s scary if you try

A major flaw has been found in the software websites use to encrypt much of our secure communications. 1Password is not affected, but there are some things to be aware of while going just about anywhere on the web right now.

Your Master Password is your defense from Dropbox breaches, real and imagined

Rumors of a Dropbox data breach spread this weekend, a breach that ultimately turned out to be false. But even in instances of false alarms, it is useful to remind 1Password users that their 1Password data cannot be decrypted without the Master Password. So let me take this opportunity to remind everyone that your 1Password data […]

The NSA can do what to my iPhone?

After Der Spiegel, along with Jakob Appelbaum at the 30th meeting of the Chaos Computer Club, published an astonishing trove of documents revealing a great deal of the extent of their penetration of the network and capabilities to install spying mechanisms into individuals’ computers and devices, one of the least significant documents is getting the most […]