When the 1Password vault, extension, or app is locked on Windows and Android platforms, is the data encrypted at reset? This implies that there are no feasible physical or hardware-based attacks capable of extracting the encryption key.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
I didn't have a particular attack in mind. My main concern was to ensure that someone with physical access couldn't launch an attack that would compromise the encryption key for the vault. Given that the vault is encrypted at rest while locked, such an attack should be infeasible.
I've heard about "vulnerabilities" in BitLocker and other full-disk encryption systems, like malicious reset attacks or Direct Memory Access (DMA) attacks. This can be mitigated with preboot authentication but this is way off topic.
ModeratorHello @maldroid! 👋
That's a great question! When 1Password is locked on your devices, your data is encrypted at rest and requires your account password to decrypt your data and unlock 1Password. If you use biometric unlock then the secret used to decrypt your data is stored in the Trusted Platform Module (TPM) and can only be accessed by you.
As soon as 1Password is locked, whether by restarting your device or having auto-lock get triggered, all vault data is encrypted until you unlock 1Password again.
This implies that there are no feasible physical or hardware-based attacks capable of extracting the encryption key.
Can you clarify a little more about the specific sort of attack that you're referring to? I would be happy to go into greater detail once I learn more.
In the meantime, you can learn more about our security design by taking a look at our white paper: https://1passwordstatic.com/files/security/1password-white-paper.pdf
-Dave
