|
|
|
|
|
|
by tlrobinson
4854 days ago
|
|
|
What's the difference between: 1) entering your 1Password master password in untrusted software and 2) running untrusted software which could potentially keylog your 1Password master password? Agilebits likes to talk about how 1Password protects against keylogging (http://help.agilebits.com/1Password3/security.html and note the author here http://mackeyloggerprotection.com/ ) but what's stopping attackers/malware from keylogging your master password and exfiltrating your 1Password database and master password? |
|
|
There are some counter measures in 1Password to try to thwart keyloggers. The details vary from OS. As far as we know, our defenses work against existing keyloggers, but we also know that this is an arms race that we can only lose.
If your machine is compromised, then you can no longer trust anything on it. So while we believe that our current counter measures work against current threats, we can't state with much confidence that they will continue to do so. We've been fortunate in that keyloggers tend to be simple and go for the low hanging fruit.
Cheers,
-j