Forum Discussion

Anonymous
4 years ago

Don't go to Electron unless you can promise 100% security

If you use the Electron platform how can you ensure that there aren't exploits that will expose my passwords?

You don't have access to the code base in Electron so instead of trusting you folks I will have to trust Electron as well.

Given that Electron-like apps are far harder to secure, in my opinion, than a standalone Mac app, I don't see how I can trust that you folks, despite your great dedication, can ensure that my data will continue to be safe.

I've been using 1Password since it came out and I'd hate to change but this Electron concept is probably going to cause me to look for another product.



19 Replies

  • 1P_Ben
    1Password Team

    Don't go to Electron unless you can promise 100% security

    Anyone who "promises 100% security" is selling snake oil. Security is a moving target. I would suggest how companies prevent, plan for, disclose, and resolve any security issues is more important than making grandiose promises about never having any sort of security related issue.

    Nobody can guarantee 100% security in consumer applications, except perhaps nocode:

    https://github.com/kelseyhightower/nocode

    We have a proven track record of having independent audits, running a bug bounty program, as well as disclosing and fixing security issues when they occur.

    I wish anyone, especially ourselves, were able to make such a promise. It just isn't a reasonable target I'm afraid. What we can promise is that we take security seriously and will do the things a responsible company should do to prove that.

    Ben

  • roustem
    1Password Team

    Every time I go to a web site if someone has hacked Electron they will see not only my passwords but the web sites those passwords are associated with.

    I think there might be a bit of a misunderstanding about how 1Password 8 works. It is not loading any resources from a website at any time. It is a fully packaged, self-contained, sandboxed application.

  • Anonymous

    roustem Sorry but I don't see how your response addresses my concern.

    By definition for 1Password to do its job passwords have to be communicated to the platform on which 1Password is running which means that they will be accessible to Electron. Every time I go to a web site if someone has hacked Electron they will see not only my passwords but the web sites those passwords are associated with.

    In addition since the only interface between 1Password and the user is Electron vulnerabilities in Electron which would enable a virus/bot to input commands to the 1Password core which would allow finding out passwords--people don't care about your World of Warcraft password so they'd simply fake a request for the password to the sites they do care about, like say the major bank web pages, and the 1Password core would return the info they wanted. It's easy to imagine a simple bot that, given an Electron hack, would cycle through all the major financial web sites looking for a hit.

    External testing is fine but without access to the source code you have no way of knowing there are no ZDEs.

    The whole point is that by outsourcing the interface between the core and the OS/Apps Agilebits is making it impossible to ensure that the data will stay secure. It's as though you're passing unencrypted data over a network you don't control.

    If UI is the issue I'd be much happier if you just froze the v7 UI and kept it forever on the Mac app.

  • Anonymous

    There's both truth and FUD here. Any modern app uses third-party libraries and is exposed to supply chain attacks. Those attack surfaces vary depending on the particular framework. Unless you're going to write low-level direct API code, there's always an intermediate code base that's at risk.

    The question is how much risk, and that's worth having the conversation about.

  • roustem
    1Password Team

    @m4rkw 1Password 8 is really a hybrid app though. It is not a pure Electron app; there is zero NodeJS code, for example.

  • Anonymous

    Meh. I'm sure you guys are trying but I'm with Pat on this one. https://twitter.com/riskybusiness/status/1294081103695765504

  • roustem
    1Password Team

    Oops, I am sorry Mitch Cohen, I was lazy and didn't double check the username 🤦🏻‍♂️

    Should've been @mitch, my apologies. (I updated the original post)

  • Anonymous

    Is tagging the wrong Mitch Cohen a security issue? :-)

    (This Mitch Cohen is not a fan of the switch to Electron. I do not anticipate making the move to v8.)

  • roustem
    1Password Team

    Thank you for your trust in us, @trinko!

    I wanted to say that we did a few things to make sure the new app is more secure than 1Password 7:
    - we started performing an external security review of the 1Password 8 codebase from the beginning.
    - so far we had several security reviews and plan to continue them as the project develops.
    - we designed a logging system to make sure none of the user information is leaked by accident.
    - we designed the app architecture to separate the user interface layer from the core where the most critical operations happen. For example, the item detail view process does not even have the value of the password (it only has '*****' asterisks) until you click the Reveal button and at that moment the core sends the real value of the password to the view.
    - 1Password 8 for Mac is codesigned, sandboxed, and notarized.

    @mitch went through some of the work we did to make it more secure in his presentation at the NorthSec conference:
    https://www.youtube.com/watch?v=_P6qI4ahBVk&t=5110s

    Obviously, we are never happy with the current state and we will be looking for more ways to make the app more secure.
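
The UI/core separation described in the reply above (the view holds only '*****' until a reveal request reaches the core), sketched as an added example that is not part of the thread and is not 1Password's code. `VaultCore`, `viewModel`, `reveal` and the request fields are hypothetical names, and the item is constructed sample data.

```javascript
// Added illustration; all names here are hypothetical, not 1Password APIs.
const MASK = '*****';

class VaultCore {
  #items = new Map(); // secrets live only inside the core
  #audit = [];        // audit records never contain secret values

  addItem(id, title, url, password) {
    this.#items.set(id, { title, url, password });
  }

  // What the UI layer receives by default: metadata plus a fixed-length mask,
  // so the view learns neither the password nor its length.
  viewModel(id) {
    const item = this.#items.get(id);
    if (!item) return null;
    return { id, title: item.title, url: item.url, password: MASK };
  }

  // The real value crosses the boundary only for an explicit reveal request.
  // How the core verifies that the click was genuine is outside this sketch.
  reveal(id, request) {
    const item = this.#items.get(id);
    const allowed = Boolean(item) &&
      request?.action === 'reveal' && request?.userInitiated === true;
    this.#audit.push({ id, action: 'reveal', allowed });
    if (!allowed) throw new Error('reveal denied');
    return item.password;
  }

  auditLog() {
    return this.#audit.map((entry) => ({ ...entry }));
  }
}

function demo() {
  const core = new VaultCore();
  // Constructed sample item.
  core.addItem('bank', 'Example Bank', 'https://bank.example',
    'correct horse battery staple');
  const view = core.viewModel('bank');
  let denied = false;
  try {
    core.reveal('bank', { action: 'reveal', userInitiated: false });
  } catch {
    denied = true;
  }
  const revealed = core.reveal('bank', { action: 'reveal', userInitiated: true });
  return { view, denied, revealed, log: JSON.stringify(core.auditLog()) };
}
```

A compromise of the view layer alone sees the mask, not the secret, and every reveal attempt leaves an audit record that omits the value.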