1Password is one of our top password manager choices. Today, it’s changing the way it encrypts your data to keep even more metadata protected. On the surface, this doesn’t change much, but it is a welcome security addition.
The key change deals with how 1Password handles the URLs for the sites you save. Currently, site URLs are not encrypted in your password vault. As AgileBits, the company that develops the app, explains, this was because in 2008, decrypting site URLs and titles every time you wanted to search your password vault caused too much of a performance hit.
Of course, non-encrypted site URLs shouldn’t ever be a problem in the first place. Unlike most other password managers, 1Password doesn’t store your password vault on its own servers. Your vault is either stored solely on your local machine or, if you prefer, synced via Dropbox. An attacker would have to compromise your system (or worse, Dropbox) in order to even get at your vault to see that list of sites you’ve saved.
Still, more protection is better than less. So now, the company has announced it will begin the transition to encrypting the URLs of sites you save in the password vault as well, using the new OPVault data format. This transition will take place over the coming weeks. However, you can check out the source link below for instructions on how to switch over manually if you don’t want to wait.
When a Leak Isn’t a Leak [AgileBits via Engadget]
Comments