1Password 3.6.5 for iOS is out with PBKDF2 goodness!

1Password for iPhone, 1Password for iPad, and 1Password Pro (for both iPhone and iPad) have just been updated to version 3.6.5. All of the changes are behind the scenes, but they include a great security enhancement to how your Master Password is protected. Different versions may become available at different times in different locations, so […]

OAuth, Dropbox, and your 1Password data

A number of iOS apps, including 1Password, have a security problem in how they handle OAuth tokens. 1Password 3.6.5, which was submitted to Apple several days ago, fixes this. This will be a free update for all owners of 1Password for iPhone, 1Password for iPad, and 1Password Pro (for iPhone and iPad). We can’t predict how […]

The ABCs of XRY: Not so simple passcodes

When talking about reports of tools that break into iPhones, it is very important to remember that the seller may be inclined to overemphasize its capabilities. It is also wise to keep in mind that the more sensational claims are the ones that tend to be picked up, and perhaps amplified, by the press. In […]

One phish, two phish; old phish, new phish

The easiest way to discover someone’s password is to ask them for it. —Folk wisdom in the security business There are many ways to trick people into revealing their passwords, but one of the most commonly attempted is phishing. If you can lure people to a website that looks like Paypal’s, but is actually under […]

PSA: Keep your software up to date (an ode to Apple Security Update 2012-001)

Apple released its first big OS X update of 2012 this week, and it’s pretty big. It’s easier than ever to keep your computer up-to-date these days, but it never hurts to review good habits, especially when it comes to keeping your computer and data secure. By far, the largest number of compromises of home […]

Staying ahead with security

We just released 1Password 3.8.11, and this seemingly minor update packs some important security changes under the hood. I’d love to share those with you all. For a quick review, recall that keeping 1Password secure is a process, and one which requires we at AgileBits keep our eyes on the horizon for potential threats to your […]

Defending against 1Password harvesters

We have some bad news and good news today about the state of Mac security. The bad news is that there’s a new malware variant out for the Mac, a trojan called DevilRobberV3, that tries to collect various pieces of data, including your 1Password data file. The good news is that your 1Password data is […]

Two Factor or not Two Factor

“Why doesn’t 1Password offer two factor authentication?” That is a question we face regularly, and one we often ask of ourselves. Ultimately, the question boils down to two kinds of data security risk: threats to confidentiality versus threats to availability. What is Multifactor Authentication? Before we descend into the buzzwords that this topic requires, let […]

Facebook and CAPS-LOCK: Unexpectedly Secure

It has recently been noted over at ZDnet that if your Facebook password is PattyAndMolly, Facebook will also accept pATTYaNDmOLLY as a valid password. This may initially seems look something that weakens users’ security. However it actually is a good thing. Facebook designed their system this way to help people log in even if they […]

Who do you trust to tell you who to trust?

The big security news of the past few days is the story of the compromise of the DigiNotar Certificate Authority and the subsequent issuing of fraudulent SSL certificates, leading to actual Man in the Middle attacks against Gmail users in Iran. If that previous sentence was gobbledygook, this post should explain some of it. It […]