No 1Password data is put at any risk through the bug reported about CloudFlare. 1Password does not depend on the secrecy of SSL/TLS for your security. The security of your 1Password data remains safe and solid. We will provide a more detailed description in the coming days of the CloudFlare security bug and how it (doesn’t) affect […]
Author Archive for: Jeff
About Jeffrey Goldberg
Jeffrey Goldberg suffers from a pathological compulsion to explain things.
Entries by Jeffrey Goldberg
When you unlock 1Password there are lots of secrets it needs to manage. There are the secrets that you see and manage such as your passwords and secure notes and all of the other things you trust to 1Password. But there are lots of secrets that 1Password has to juggle that you never see.
We unequivocally encourage security researchers to poke around 1Password. It is an extremely important part of the process that helps us deliver and maintain a more secure product to everyone. There is now a public Bug Bounty program available for 1Password!
Watchtower tells you when a site has been compromised without telling us which sites you have in your 1Password vault. Jeff explains how we put your privacy first when designing this feature.
This is going to be a long and technical article, but the point can be stated more simply: The kinds of security architectures in which it is easy to insert a back door are typically less secure than the security architectures in which it is hard to insert a back door. The back doors that […]
1Password is private by design. We cannot lose, use, or abuse data that we never have. Your data, your business.
Wherein we discuss how 1Password protects inter-process communication in the face of cross-app resource access (XARA) attacks.
Instead of inventing encryption that only government can break, we should just breed a special unicorn that magically blocks terrorist acts. —Ryan Paul Back doors into security systems weaken security. For everyone. This remains true despite wishful thinking on the part of those who may advocate back doors. The claim that back doors could be added […]
There are a lot of technical terms that mean something very specific to cryptographers but often mean something else to everyone else, including security professionals. Years ago I wrote about when it means to say that a cipher is “broken”. Today’s word is “infeasible”.
I’d like to take a moment to talk a little bit about how people who study password behavior go about their job.