Forum Discussion
Fedup
1 month ago
Dedicated Contributor
ETH Zürich paper concerns
Came across this study titled "Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers," which is available at https://eprint.iacr.org/2026/0...
1P_Blake
Community Manager
1 month ago
Hey everyone! Thanks a bunch for flagging this research to the community here. Our security team reviewed the paper in depth and found no new attack vectors beyond those already documented in our publicly available Security Design White Paper.
We are committed to continually strengthening our security architecture and evaluating it against advanced threat models, including malicious-server scenarios like those described in the research, and evolving it over time to maintain the protections our users rely on.
For example, 1Password uses Secure Remote Password (SRP) to authenticate users without transmitting encryption keys to our servers, helping mitigate entire classes of server-side attacks. More recently, we introduced a new capability for enterprise-managed credentials, which from the start are created and secured to withstand sophisticated threats.