Blog | 1Password
SECURITY
Back doors are bad for security architecture
Back doors into security systems weaken security. For everyone. This remains true despite wishful thinking on the part of those who may advocate back doors.
Continue readingSECURITY
1Password inter-process communication: a discussion
Wherein we discuss how 1Password protects inter-process communication in the face of cross-app resource access (XARA) attacks.
Continue readingNEWS
How 1Password syncs changes to your Master Password
Suppose you change your Master Password on one of your computers. The next time you unlock 1Password on some other device, you can unlock it with your new Master Password. How can 1Password on the second machine accept the new Master Password if we are careful to never store it?
Continue readingSECURITY
Bcrypt is great, but is password cracking “infeasible”?
There are a lot of technical terms that mean something very specific to cryptographers but often mean something else to everyone else, including security professionals. Years ago I wrote about what it means to say that a cipher is “broken”. Today’s word is “infeasible”.
Continue readingSECURITY
When is a password leak not a password leak?
I’d like to take a moment to talk a little bit about how people who study password behavior go about their job. In the process, I would like to thank all password researchers and, in particular, Mark Burnett for both his years of excellent research and the help he has provided to other researchers. He is unequivocally one of the good guys, even if …
Continue reading