This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

iOS-provided security mechanisms and 1Password

A rather disturbing article was posted on Macworld.com on March 7, "Is Apple finally getting serious about security?" (See [url="http://bit.ly/fSRc8N "]http://bit.ly/fSRc8N [/url]) The author, Kenneth van Wyk, details serious flaws in Apple's 256-bit hardware AES encryption module. The key is protected by the device's PIN, which can be easily disabled with jailbreaking and other software. Same goes with the API for protecting sensitive files. In short, any developer using Apple's built-in security mechanisms in iOS isn't getting the security they think they are. My question is, does 1Password use Apple's security mechanisms? Is Agile aware of the flaws?

Comments

  • There are lots of topics asking about and discussing 1P security and AWS has written articles about it, e.g.:



    • [url=http://forum.agile.ws/index.php?/topic/3858-jailbreaking-and-1password-security/]Jailbreaking and 1Password security[/url]

    • [url=http://forum.agile.ws/index.php?/topic/3676-i-have-security-concerns-with-this-app/]I have security concerns with this app[/url]



    … etc.
  • [quote name='sjk' timestamp='1300123579' post='22408']

    There are lots of topics asking about and discussing 1P security and AWS has written articles about it, e.g.:



    • [url=http://forum.agile.ws/index.php?/topic/3858-jailbreaking-and-1password-security/]Jailbreaking and 1Password security[/url]

    • [url=http://forum.agile.ws/index.php?/topic/3676-i-have-security-concerns-with-this-app/]I have security concerns with this app[/url]



    … etc.

    [/quote]



    Thanks, those links were very helpful, and gave me some new tips to further enhance my security.
  • Another security-related topic you might be interested in:



    [url=http://forum.agile.ws/index.php?/topic/2284-key-hygiene-practices-on-all-platforms/]Key hygiene practices on all platforms[/url]



    I'll let you do the searching for others if you feel like it. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />
  • khad
    khad Social Choreographer
    edited March 2011
    Hey cozmot,



    Unfortunately, the commenters on that that Macworld article seem to have a better grasp of the situation than the author does. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_worried.png' class='bbc_emoticon' alt=':S' /> I suggest you give them a read if you have not already done so.



    Please also take a look at our "[url="http://blog.agile.ws/lost-iphone-safe-passwords/"]Lost iPhone? Safe passwords![/url]" blog post (in addition to the fine links that sjk has already provided).



    Let me know if you have any additional questions of concerns.



    We are always here to help!



    P.S. Love your avatar! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />