Just how strong should a 1Password Master Password be? We recommend that Master Passwords be generated using our wordlist generator using passwords that are four words long. This gets you something like “napery turnip speed adept”. Among other things, this gives you the chance to learn new words. My dictionary has now informed me that […]
Author Archive for: Jeff
About Jeffrey Goldberg
Jeffrey Goldberg suffers from a pathological compulsion to explain things.
Entries by Jeffrey Goldberg
The Intel CPU flaw, that is being referred to as “meltdown”, is a big deal. But just because it is an extraordinary bug doesn’t mean that it requires an extraordinary response from most people. The same practices that you should already be doing are enough.
1Password’s browser extension has always been designed from the outset to keep you safe from some recently discovered browser based attacks on some password managers.
As the world now knows Equifax, the credit rating company and master of our fates, suffered a data breach in May and June 2017, which revealed to criminals details of 143 million people. (I would have liked to say, “143 million customers”, but that is very far from the case. We have no control at all over Equifax and other credit rating companies collecting information about us. We are neither their customers nor users.)
The revealed data includes:
Social Security numbers
Dates of birth
Driver’s license numbers (unspecified number of these)
Credit card numbers (209,000 of these)
Encryption is great. By magic (well, by math) it converts data from a useful form to complete gibberish that can only be turned back into useful data with secret number called a key. I happen to think that the term “key” that we use for encryption and decryption keys is a poor metaphor, as it […]
We should remember on this World Password Day that passwords have been around for thousands of years. They can’t be all bad if we’ve kept them around so long, but some things need to change. This year we are partnering with Intel to talk about layers of security, and in this article I’m going talk […]
Today we are upping the $$$ of our bug bounty program to further stress test the security of 1Password, and most importantly reinforce our commitment to keeping our customers’ data as safe and secure as it can be.
No 1Password data is put at any risk through the bug reported about CloudFlare. 1Password does not depend on the secrecy of SSL/TLS for your security. The security of your 1Password data remains safe and solid. We will provide a more detailed description in the coming days of the CloudFlare security bug and how it (doesn’t) affect […]
When you unlock 1Password there are lots of secrets it needs to manage. There are the secrets that you see and manage such as your passwords and secure notes and all of the other things you trust to 1Password. But there are lots of secrets that 1Password has to juggle that you never see.
We unequivocally encourage security researchers to poke around 1Password. It is an extremely important part of the process that helps us deliver and maintain a more secure product to everyone. There is now a public Bug Bounty program available for 1Password!