Security concerns about 1password 8 for windows

Hi sj0123, thank you for this thoughtful response - and we do appreciate these suggestions.

This could be a pretty deep discussion, but for now I'll just say that your points are well-appreciated, and that protections against local attacks or insecurities are something we do put in place - for example, clipboard management, memory protections, code signature validation, and so on. When it comes to the Secret Key and why it can't be encrypted, you and 1P_Ben have already well covered that ground.

As I said in the first post, dedicated security chips such as TPM chips, secure enclave for IPhones, and arm trustzone technology, would be a great solution to achieve this as these chips run seperately from the main operating system and gaining access to protected data is extremely difficult, given that the user maintains a secure environment on there systems.

This is definitely something we're interested in. While I can't share much about forthcoming (hypothetical) features, this is definitely an area where we see some potential - both for security and convenience - and we'll hope that our future efforts here will delight you!

I should note as well that 1Password, even without using Windows Hello to unlock, still scores as very secure by most risk analyses. There's no such thing as "total security", and our security folks can speak more to the details of potential endpoint compromise scenarios, but I thought we should make sure to mention that. 👍