1Password has announced that it’s switching the format it uses to store its users’ data, so that less of the metadata it holds is left unencrypted.
Over the weekend, Microsoft software engineer Dale Myers wrote a blog post highlighting the fact that 1Password’s AgileKeychain data format left some important metadata unencrypted. As 1Password points out, it was a known issue, but it did leave the URLs of the sites a user relies on the service to log in to open and exposed. He pointed out that this kind of data could in theory be used to identify which websites you use, what software licenses you own and where you hold bank accounts.
While 1Password points out that password data has remained secure the whole while, it’s now also decided to roll out its OPVault data format, which encrypts much more metadata. In fact, it’s been using the OPVault format on some platforms since 2012, but has been reluctant to roll it out widely because of backwards compatibility concerns. Now, though, it’s decided to go the whole hog, explaining that “Dale reminded us that its time to move on.”
Over the coming weeks, then, 1Password will update its software across all platforms to use the OPVault data format. Which will keep Myers happy, and your personal data secure.
Image by Ervins Strauhmanis