A salt-free diet is bad for your security

I am not giving anyone health advice. Instead, I’m going to use the example of the recent LinkedIn breach to talk about hashes and salt. Not the food, but the cryptology. Before you dive into this article, you should certainly review the practical advice that Kelly has posted first. Also Kelly’s article has more information […]

Flashback to Leopard

It seems that my ability to predict the future with respect to Mac malware is, indeed, on par with Digitime’s ability to predict anything. Just recently I wrote, “on the Mac, Leopard and Tiger are no longer being updated”. To prove me wrong (yeah, I’m sure that’s why they did it), Apple has just released […]

Only you should 0wn your data, Part 3: The Mac malware landscape

It’s tough to make predictions, especially about the future. —Yogi Berra In Part 1 of this series I discussed how your 1Password data may (or may not) be threatened if your computer gets infected with some kind of malware, particularly Flashback. In Part 2, I reviewed the few simple things everyone should do to keep […]

New Problem for Old FileVault users

If you have been using Apple’s FileVault to encrypt your home folder on OS X, read on. There is an important security bug and action you should take. This is an Apple security issue that does not affect 1Password 3 or Knox for Mac, but it is an important enough issue that I’m announcing it […]

Only you should 0wn your data, Part 1: 1Password and Flashback

Over the last couple weeks, a topic in tech news has been Flashback, malware that seems to have gotten itself installed on (at least) about 600,000 Macs running OS X. Although there has been malware for Mac OS X for a long while, Flashback is the first to reportedly affect a substantial number of users. […]

1Password 3.6.5 for iOS is out with PBKDF2 goodness!

1Password for iPhone, 1Password for iPad, and 1Password Pro (for both iPhone and iPad) have just been updated to version 3.6.5. All of the changes are behind the scenes, but they include a great security enhancement to how your Master Password is protected. Different versions may become available at different times in different locations, so […]

OAuth, Dropbox, and your 1Password data

A number of iOS apps, including 1Password, have a security problem in how they handle OAuth tokens. 1Password 3.6.5, which was submitted to Apple several days ago, fixes this. This will be a free update for all owners of 1Password for iPhone, 1Password for iPad, and 1Password Pro (for iPhone and iPad). We can’t predict how […]

The ABCs of XRY: Not so simple passcodes

When talking about reports of tools that break into iPhones, it is very important to remember that the seller may be inclined to overemphasize its capabilities. It is also wise to keep in mind that the more sensational claims are the ones that tend to be picked up, and perhaps amplified, by the press. In […]

Strong Security Requires Strong Passwords

Elcomsoft just published a very informative review of the state of the mobile password manager landscape. They investigated the defences applications provide and how long it would take to discover someone’s Master Password. In their findings, they found that if on iPhone or iPad your 1Password Master Password contained only numbers and was 12 digits […]

Stop me if you’ve heard this password before

It seems that “Password1″ is the number 1 password on business systems. (Source Trustwave’s 2012 Global Security Report.) Of course if people used 1Password (the application, not as a password) they wouldn’t be stuck having to remember passwords. The reason, according to the report, that “Password1″ is so popular within businesses is that it meets the […]