This is… mildly concerning. It looks like it’s limited to enterprise customers for now, but I don’t think it’s a good direction to start building features that require decrypting on the server, even with the excuse that there’s nothing to worry about because it uses a secure enclave (which have never had vulnerabilities in the past, right?). Please do read the article before commenting, as there may be something I’ve missed in this reaction.
The currently listed uses seem valid. For enterprise accounts monitoring employee usage can be very helpful. As to future developments involving it, I think it will require a wait and see approach. They did get the system audited, and if they make it opt-in by default instead of opt-out, then I personally won’t see any issue with it. If it is opt-out by default instead of opt-in then that’s where I would begin get a bit concerned.
1 Like
How can they even access this data in the first place ? I thought it was E2EE and so couldn’t be accessed by the provider… Secure enclave or not, this mean they can decrypt it at least some data and (technically) do what they want with it - since it’s all proprietary.
One more reason to Require Open Source for Password Managers
Edit: There is an “audit” but it mainly relied on 1P docs and some shallow examination of source-code.
1 Like
To me this is concerning. There are several points I have issues with. For example, they say
No operator access. This means that neither 1Password administrators nor AWS administrators have the ability to access or interact with the code and data running inside the enclave.
So how do they check it is running correctly, that no hacker has attacked the code, or even something as simple as do software updates?
Then statements like:
Our industry-first use of confidential computing enables us to securely decrypt certain secrets and process them in plaintext on 1Password servers without sacrificing security or privacy.
So they can at least partially decrypt the data from my vault somewhere other than my device and then claim it does not affect security? At the very least this means the attack surface is larger than before. How does this not reduce security?
As @Rasta said, for a personal account if it is opt-in then it should be ok. Before I would use them I would hope to see a better explanation of this system, one which provides a proper “here are the risks” - “here are the benefits” without the marketing gloss.
1 Like
Maybe this is the biggest problem, because there is no way 1password would ever tell their users that their own service can be in any way unsafe even if it’s the case.
If it’s an easy toggle at any point in time, you can expect some average users to enable it thinking it’s some sort of security enhancement.
1 Like