Donate to Remove ads

Got a credit card? use our Credit Card & Finance Calculators

Thanks to johnstevens77,Bhoddhisatva,scotia,Anonymous,Cornytiv34, for Donating to support the site

1Password - how safe is it?

Seek assistance with all types of tech. - computer, phone, TV, heating controls etc.
Fluke
Lemon Slice
Posts: 609
Joined: November 4th, 2016, 8:51 pm
Has thanked: 61 times
Been thanked: 137 times

1Password - how safe is it?

#367618

Postby Fluke » December 19th, 2020, 8:37 am

I mean I store all my passwords in it including bank/investment accounts, and for each login/password entry I’ve got an associated 'secure note' containing all the security questions and answers relating to that account. If anyone got hold of the password and hacked their way into my iPhone they’d have a field day.

I’m seriously thinking of going back to pen and paper, at least for the most important accounts.

Am I being paranoid?

scrumpyjack
Lemon Quarter
Posts: 4812
Joined: November 4th, 2016, 10:15 am
Has thanked: 606 times
Been thanked: 2675 times

Re: 1Password - how safe is it?

#367621

Postby scrumpyjack » December 19th, 2020, 8:43 am

You really have no way of knowing whether it was really developed by Chinese/Russian/North Korean state hackers and automatically passes on everyone's passwords to their equivalent of MI5. They say it's all protected by fancy encryption and stored on safe servers. But who knows.

It might be paranoid to think that or .....?

ps I use Lastpass and the same probably applies :D

JohnB
Lemon Quarter
Posts: 2497
Joined: January 15th, 2017, 9:20 am
Has thanked: 677 times
Been thanked: 997 times

Re: 1Password - how safe is it?

#367636

Postby JohnB » December 19th, 2020, 9:28 am

I'm going through the pain of adding passwords to KeePassXC, but I'd not use it for anything that stored money, like banks and brokers, only accounts that had credit card and bank details, as the anti-fraud measures for the latter make up for the convenience. I know the program is open source, but you never know if a backdoor gets introduced in the supply chain.

You know when people steal your obfuscated piece of paper, and they are most unlikely to apply password crackers to it.

Infrasonic
Lemon Quarter
Posts: 4479
Joined: November 4th, 2016, 2:25 pm
Has thanked: 644 times
Been thanked: 1260 times

Re: 1Password - how safe is it?

#367660

Postby Infrasonic » December 19th, 2020, 10:32 am

No such thing as 100% secure, but having something is better than nothing. The backdoor issue is difficult to analyse and quantify realistically.
You'll just have to become a keen reader of the security focused tech press and act accordingly if there's a serious issue highlighted in future... :)

Multifactor authorisation is a good way to increase the security of sensitive accounts or system log ins, hardware options like U2F keys are becoming more widely accepted and working with a wider range of services, including password managers.
https://en.wikipedia.org/wiki/Universal ... 20natively.

Or 2FA authentication apps are available, including big players like Microsoft and Google -- which will also work offline.

GrahamPlatt
Lemon Quarter
Posts: 2059
Joined: November 4th, 2016, 9:40 am
Has thanked: 1032 times
Been thanked: 823 times

Re: 1Password - how safe is it?

#367698

Postby GrahamPlatt » December 19th, 2020, 12:41 pm

Fluke wrote:I mean I store all my passwords in it including bank/investment accounts, and for each login/password entry I’ve got an associated 'secure note' containing all the security questions and answers relating to that account. If anyone got hold of the password and hacked their way into my iPhone they’d have a field day.

I’m seriously thinking of going back to pen and paper, at least for the most important accounts.

Am I being paranoid?


In case you do (go back to paper), have a look at this: https://www.labnol.org/software/write-p ... per/12972/

I’ve others of the kind, with various symbols (hearts/clubs etc) in the rows & columns.

Arborbridge
The full Lemon
Posts: 10369
Joined: November 4th, 2016, 9:33 am
Has thanked: 3601 times
Been thanked: 5227 times

Re: 1Password - how safe is it?

#367716

Postby Arborbridge » December 19th, 2020, 2:24 pm

Fluke wrote:I mean I store all my passwords in it including bank/investment accounts, and for each login/password entry I’ve got an associated 'secure note' containing all the security questions and answers relating to that account. If anyone got hold of the password and hacked their way into my iPhone they’d have a field day.

I’m seriously thinking of going back to pen and paper, at least for the most important accounts.

Am I being paranoid?


If you are, then I am too!

I can't help being suspicious of anything which uses a third party tostore info. I know as a result my passwords are not the world's best, but I'll take that risk. Whatever I need is written down in a fairly cryptic reminder form in a little "code book". The chances of being burgled are fairly slim times the chances of a burglar nicking the code times the chances of the said burglar understanding the entries = low chance of being busted.

Arb.

kiloran
Lemon Quarter
Posts: 4092
Joined: November 4th, 2016, 9:24 am
Has thanked: 3234 times
Been thanked: 2827 times

Re: 1Password - how safe is it?

#367717

Postby kiloran » December 19th, 2020, 2:33 pm

Arborbridge wrote:If you are, then I am too!

I can't help being suspicious of anything which uses a third party tostore info. I know as a result my passwords are not the world's best, but I'll take that risk. Whatever I need is written down in a fairly cryptic reminder form in a little "code book". The chances of being burgled are fairly slim times the chances of a burglar nicking the code times the chances of the said burglar understanding the entries = low chance of being busted.

Arb.

Do you have a photocopy as backup in case you lose your book? ;)
If you are not aware, Keepass is open-source so if there is anything naughty in the code it would have been found by now. And the passwords are not stored with a third party, they are stored in an encrypted file on your PC (or phone or tablet).

--kiloran

Infrasonic
Lemon Quarter
Posts: 4479
Joined: November 4th, 2016, 2:25 pm
Has thanked: 644 times
Been thanked: 1260 times

Re: 1Password - how safe is it?

#367723

Postby Infrasonic » December 19th, 2020, 2:50 pm

kiloran wrote:
Arborbridge wrote:If you are, then I am too!

I can't help being suspicious of anything which uses a third party tostore info. I know as a result my passwords are not the world's best, but I'll take that risk. Whatever I need is written down in a fairly cryptic reminder form in a little "code book". The chances of being burgled are fairly slim times the chances of a burglar nicking the code times the chances of the said burglar understanding the entries = low chance of being busted.

Arb.

Do you have a photocopy as backup in case you lose your book? ;)
If you are not aware, Keepass is open-source so if there is anything naughty in the code it would have been found by now. And the passwords are not stored with a third party, they are stored in an encrypted file on your PC (or phone or tablet).

--kiloran


Fire!

I know it's pedantic but unless you have a PC/Phone that is also open source on its firmware (BIOS and chip microcode) then you're still vulnerable to proprietary exploits, as per the Intel Spectre et al scare a while back. There are some open source boutique PC manufacturers in the Linux space...

scrumpyjack
Lemon Quarter
Posts: 4812
Joined: November 4th, 2016, 10:15 am
Has thanked: 606 times
Been thanked: 2675 times

Re: 1Password - how safe is it?

#367731

Postby scrumpyjack » December 19th, 2020, 3:26 pm

So presumably before installing keypass one should download all the source code to one's PC and review it very carefully line by line for any back doors or malicious code. Then compile the EXE oneself before installing it?

Can't see many users doing that, or being competent to do it?

kiloran
Lemon Quarter
Posts: 4092
Joined: November 4th, 2016, 9:24 am
Has thanked: 3234 times
Been thanked: 2827 times

Re: 1Password - how safe is it?

#367734

Postby kiloran » December 19th, 2020, 3:36 pm

scrumpyjack wrote:So presumably before installing keypass one should download all the source code to one's PC and review it very carefully line by line for any back doors or malicious code. Then compile the EXE oneself before installing it?

Can't see many users doing that, or being competent to do it?

I think that's going a wee bit too far :lol:
But since it is a piece of security software, I think we can safely assume that competent people have had a good look at it.

--kiloran

scrumpyjack
Lemon Quarter
Posts: 4812
Joined: November 4th, 2016, 10:15 am
Has thanked: 606 times
Been thanked: 2675 times

Re: 1Password - how safe is it?

#367739

Postby scrumpyjack » December 19th, 2020, 3:55 pm

Just because I'm paranoid, it doesn't mean they are not out to get me!

Arborbridge
The full Lemon
Posts: 10369
Joined: November 4th, 2016, 9:33 am
Has thanked: 3601 times
Been thanked: 5227 times

Re: 1Password - how safe is it?

#367771

Postby Arborbridge » December 19th, 2020, 5:20 pm

kiloran wrote:
Arborbridge wrote:If you are, then I am too!

I can't help being suspicious of anything which uses a third party tostore info. I know as a result my passwords are not the world's best, but I'll take that risk. Whatever I need is written down in a fairly cryptic reminder form in a little "code book". The chances of being burgled are fairly slim times the chances of a burglar nicking the code times the chances of the said burglar understanding the entries = low chance of being busted.

Arb.

Do you have a photocopy as backup in case you lose your book? ;)
If you are not aware, Keepass is open-source so if there is anything naughty in the code it would have been found by now. And the passwords are not stored with a third party, they are stored in an encrypted file on your PC (or phone or tablet).

--kiloran


No. Good point, but I think most of the problems caused could be worked round in the same way as when you've forgotten the password.

Arb.

Fluke
Lemon Slice
Posts: 609
Joined: November 4th, 2016, 8:51 pm
Has thanked: 61 times
Been thanked: 137 times

Re: 1Password - how safe is it?

#367957

Postby Fluke » December 20th, 2020, 10:29 am

GrahamPlatt wrote:

In case you do (go back to paper), have a look at this: https://www.labnol.org/software/write-p ... per/12972/

I’ve others of the kind, with various symbols (hearts/clubs etc) in the rows & columns.


Thanks for the link Graham, what a good solution! I think I'll go down this route for some accounts and see how I get on.

If you are, then I am too!

I can't help being suspicious of anything which uses a third party tostore info. I know as a result my passwords are not the world's best, but I'll take that risk. Whatever I need is written down in a fairly cryptic reminder form in a little "code book". The chances of being burgled are fairly slim times the chances of a burglar nicking the code times the chances of the said burglar understanding the entries = low chance of being busted.

Arb.


Indeed :D

GrahamPlatt
Lemon Quarter
Posts: 2059
Joined: November 4th, 2016, 9:40 am
Has thanked: 1032 times
Been thanked: 823 times

Re: 1Password - how safe is it?

#407173

Postby GrahamPlatt » April 26th, 2021, 5:08 pm


Sussexlad
Lemon Slice
Posts: 382
Joined: November 4th, 2016, 12:49 pm
Has thanked: 317 times
Been thanked: 163 times

Re: 1Password - how safe is it?

#407203

Postby Sussexlad » April 26th, 2021, 6:55 pm

scrumpyjack wrote:So presumably before installing keypass one should download all the source code to one's PC and review it very carefully line by line for any back doors or malicious code. Then compile the EXE oneself before installing it?

Can't see many users doing that, or being competent to do it?


I feel much the same about all T&C and Privacy statements which we're all meant to trawl through, understand and accept but how many do any of those things? I suspect VERY few. I've used KeepassXC for some time now, along with local Keyfile. So far so good !

Lanark
Lemon Quarter
Posts: 1321
Joined: March 27th, 2017, 11:41 am
Has thanked: 595 times
Been thanked: 582 times

Re: 1Password - how safe is it?

#407235

Postby Lanark » April 26th, 2021, 8:55 pm

Nothing on computers is perfect and unbreakable, lastpass had some embarrassing problems a couple of years back.

That said companies like 1Password would have nothing to gain by breaking into your password, best case they gain access to your bank account but at the cost of losing millions of pounds in business.

So the risk is really from 3rd parties finding a way in.
If a backdoor is found and publicised - that will be patched very quickly.
If a backdoor is found and kept quiet, a so called zero-day, those exploits can be sold on the dark web for a lot of money. The kind of people who would pay 6 or 7 figures to get into your system are state level agencies, FBI, FSB etc. If those people are after you they will almost always find a way, they can tap your phone,SMS and email and probably plant a camera in your house to read that bit of paper.

One easy way to add a bit of extra security is to pick a letter on your keyboard, then fill in a complex password from the password manager and tack the extra letter on the end.

Redmires
Lemon Slice
Posts: 786
Joined: November 4th, 2016, 6:49 pm
Has thanked: 831 times
Been thanked: 436 times

Re: 1Password - how safe is it?

#407263

Postby Redmires » April 27th, 2021, 12:06 am

Lanark wrote:One easy way to add a bit of extra security is to pick a letter on your keyboard, then fill in a complex password from the password manager and tack the extra letter on the end.


I've moved recently from Lastpass to Bitwarden as LP have changed their free version so it can only use on one type of device now (laptop OR mobile etc). BW is open source and has decent reviews, and is free.

I also use a similar system to that above. For a very secure password (banking etc of say 12 characters), the password will be inserted in a longer random set of characters and only I know where the correct password starts and ends. It also has a missing character somewhere in the password. It won't auto-fill of course but I'm happy with that. I'm sure there are dozens of more ways to hide/disguise a password in case a password manager system is ever hacked.


Return to “Technology - Computers, TV, Phones etc.”

Who is online

Users browsing this forum: Google [Bot] and 7 guests