SECURITY
Back doors are bad for security architecture
by
Jeffrey Goldberg
Back doors into security systems weaken security. For everyone. This remains true despite wishful thinking on the part of those who may advocate back doors.
Continue readingBlog | 1Password
SECURITY
1Password inter-process communication: a discussion
by
Jeffrey Goldberg
Wherein we discuss how 1Password protects inter-process communication in the face of cross-app resource access (XARA) attacks.
Continue reading
NEWS
How 1Password syncs changes to your Master Password
by
Rick Fillion
Suppose you change your Master Password on one of your computers. The next time you unlock 1Password on some other device, you can unlock it with your new Master Password. How can 1Password on the second machine accept the new Master Password if we are careful to never store it?
Continue reading
SECURITY
Bcrypt is great, but is password cracking “infeasible”?
by
Jeffrey Goldberg
There are a lot of technical terms that mean something very specific to cryptographers but often mean something else to everyone else, including security professionals. Years ago I wrote about what it means to say that a cipher is “broken”. Today’s word is “infeasible”.
Continue readingSECURITY
When is a password leak not a password leak?
by
Jeffrey Goldberg
I’d like to take a moment to talk a little bit about how people who study password behavior go about their job. In the process, I would like to thank all password researchers and, in particular, Mark Burnett for both his years of excellent research and the help he has provided to other researchers. He is unequivocally one of the good guys, even if …
Continue readingSECURITY
TOTP support comes to 1Password
by
Jeffrey Goldberg
Editor’s note: this blog was published in 2015, and refers to versions of 1Password that are no longer available.
Continue reading