How Secure Is 1Password?
Before storing all your valuable information in 1Password, it is important to know your information is safe and cannot be stolen.
Passwords Are Encrypted Using Your Master Password
When you run 1Password for the first time, you create a Master Password that is used to encrypt your data. No one will be able to view your passwords or other confidential information without knowing the password.
All you need to do to stay secure is to pick one strong password and commit it to memory. Since it is only a single password, you can make it long and unpredictable.
When you leave your computer, simply lock 1Password and your data will be secure. Step away reassured that with its built-in, automatic locking, 1Password can protect you even if you forget to lock it.
You control your data
All your data is stored on your local hard drive. If you wish to sync your data across systems, 1Password integrates with Dropbox (see Automatic Syncing Using Dropbox), but we have designed 1Password and this syncing so that your data remains secure from others and available to you even if something goes wrong with Dropbox.
How safe are my 1Password data in the cloud?
Your 1Password data are very safe in the cloud. Your 1Password data are encrypted before they get stored or transmitted anywhere. If you use Dropbox to sync your 1Password data across devices, a copy of your 1Password data will be stored on the Dropbox system. Even if Dropbox were to be compromised, an attacker would need your master password, which only you know, to decrypt your 1Password data.
How Strong is 1Password’s Encryption?
The short answer is that it is very strong.
The slightly longer answer is that your data is encrypted using AES, the same state-of-the-art encryption algorithm used as the national standard in the United States. 1Password uses 128-bit keys for encryption, which means that it would take millions of years for a criminal to decrypt your data using a brute force attack.
For the really long answer, full technical details on the encryption algorithm, key generation, and FIPS compliance, please see the Agile Keychain Design document.
Is 1Password More Secure Than the Competition?
People often associate the strength of the encryption algorithm with the number of bits used in the encryption key. Our view on encryption is that it is a very serious business and the strength of the encryption algorithm cannot be reduced to the size of the key.
We know how complex encryption can be and so we decided to leave it to the experts instead of inventing our own. 1Password does not contain a single line of encryption code; instead we used OpenSSL, which is shipped with over 20 million Macs and is the standard used by most of the Internet. In addition to its huge user base, OpenSSL is open source. This is critical. It means that experts from around the world can view the code and ensure it is correct and does not contain any back doors.
The size of the community and open nature of OpenSSL, combined with the state-of-the-art encryption algorithm, make 1Password’s encryption incredibly secure and reliable.
True Browser Integration Increases Security
When wondering about how secure 1Password is, you are likely to evaluate the competition (which is always a good thing to do!), so we wanted to add that encryption is not the only thing that makes 1Password secure.
1Password offers what no one else does: a great management application on your desktop that also provides true browser integration. Many applications provide safe storage areas for your data, which is great, but sometimes you want to actually use that data. What happens when you want to use that data when you need it most, in your web browser? Many apps require you to take care of them by manually adding your data to them and manually copying the data to your browser. Not only is this manual work inconvenient, but as soon as “copy and paste” is involved, you become vulnerable to keyloggers and phishing attacks. Other tools, which do work in the browser, may limit your management of your data to tools within web browsers. 1Password gives you both full browser integration and a powerful, easy-to-use application for managing your data.
1Password does things differently. It works for you. You can save Logins automatically, fill login forms, and even generate strong passwords, all from within the browser. Since this is all done for you, you are protected from keyloggers and other malware, as well as phishing scams.
There are several articles in our knowledge base which go into more detail about a number of security issues.