
The 1Password password manager has announced a change to the file format in which user information is stored. The company took this step in response to a post by Dale Myers, a Microsoft employee, who discovered a vulnerability in the current format. Myers examined the .agilekeychain file that 1Password leaves behind and found that the metadata is not encrypted but stored almost in plain text. Because 1Password is a fairly popular password manager, the data of many hundreds of thousands of users may be compromised.
If someone gains access to this file, they can easily learn which sites the user has recently logged in to. It is also possible to obtain data about the user's bank account and to find out which software licenses have been purchased. With all this information, an attacker can contact the bank on the user's behalf and can also reset all passwords. In addition, Google indexes user keychains for easy access to various sites.
.agilekeychain is the directory in which the 1password.html file is located. All user data is stored in the file 1Password.agilekeychain/data/default/contents.js.
AgileBits, for its part, claims that the bug found by the Microsoft employee is actually “not a bug, but a feature”. The developers deliberately provided for storing this data unencrypted, since doing so improves the program's performance. Interestingly, the .agilekeychain format has been in use since 2008. Devices and software were somewhat simpler then than they are now, so the developers decided to leave the data in the clear to keep the program performant.
Since then a new format, OPVault, has been introduced, but it was optional. After the Microsoft employee's post was published, the company decided to replace .agilekeychain with OPVault, making the latter the default. If you use this password manager, you can switch from the old file format to the new one as follows:
- 1Password for Mac guide.
- 1Password for Windows guide.
- If you use only 1Password for iOS, a guide.
- 1Password for Android guide.
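
An added example (not from the original article and not AgileBits' code): a Python audit that walks a folder tree, such as a sync directory, and reports every keychain still stored in the .agilekeychain layout described above, so you can see what remains to be migrated to OPVault. It assumes contents.js parses as a JSON array with one row per item; the function names and the sample tree are constructed for illustration.

```python
import json
import os

def find_legacy_keychains(root):
    """Return sorted (keychain_dir, item_count, world_readable) tuples for
    every *.agilekeychain directory found under root."""
    findings = []
    for dirpath, dirnames, _files in os.walk(root):
        for name in list(dirnames):
            if not name.lower().endswith(".agilekeychain"):
                continue
            dirnames.remove(name)  # report the keychain, do not descend into it
            keychain = os.path.join(dirpath, name)
            contents = os.path.join(keychain, "data", "default", "contents.js")
            count, world_readable = None, False
            try:
                # POSIX "other" read bit: any local account can read the index
                world_readable = bool(os.stat(contents).st_mode & 0o004)
                with open(contents, encoding="utf-8") as fh:
                    rows = json.load(fh)  # assumption: JSON array, one row per item
                count = len(rows) if isinstance(rows, list) else None
            except (OSError, ValueError):
                pass  # missing or unparsable index: still report the directory
            findings.append((keychain, count, world_readable))
    return sorted(findings)

def make_sample_tree(root):
    """Build a constructed sync folder: one legacy keychain, one OPVault."""
    legacy = os.path.join(root, "Sync", "1Password.agilekeychain", "data", "default")
    os.makedirs(legacy)
    os.makedirs(os.path.join(root, "Sync", "1Password.opvault"))
    rows = [["constructed-id-1", "Example login"], ["constructed-id-2", "Example card"]]
    path = os.path.join(legacy, "contents.js")
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(rows, fh)
    os.chmod(path, 0o600)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        make_sample_tree(root)
        for keychain, count, world_readable in find_legacy_keychains(root):
            print(f"legacy AgileKeychain: {keychain}")
            print(f"  items with unencrypted metadata: {count}")
            print(f"  contents.js readable by other local users: {world_readable}")
```

A count of `None` means the directory exists but its contents.js is missing or could not be parsed; the keychain is still listed because the directory itself is in the legacy format.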