Many of you must be users of 1Password, the best and most popular password manager for iOS and OS X. No wonder: it is super-complete, multiplatform, beautiful and very secure.
But Dale Myers, a software engineer at Microsoft, this week published an article calling attention to a “flaw” in a format used by 1Password that could eventually compromise user security. Promptly, the developer AgileBits responded with clarification in a post.
Summing up the whole story, back in 2008 AgileBits decided to use 1Password in a format called AgileKeychain. Considering the devices of the time, she chose not to encrypt URLs and item titles in the database to avoid slow / excessive battery consumption (their passwords and their contents are always protected). In December 2012, the OPVault format arrived with much stronger and more comprehensive encryption technology.
The “problem” that even today there are many users who have not migrated from the AgileKeychain format to OPVault, as this is not done automatically. Especially those who use Dropbox synchronization (as well as 1Password apps for Windows and Android) may have compatibility problems with the most modern format.
AgileBits stated in its post that it is working to, in the next versions of 1Password, offer automatic migration from the AgileKeychain format to OPVault. Meanwhile, anyone who wants to can make the switch manually following guides for Mac, Windows, iOS and Android.
Sorry, app not found.
(via Engadget)
