How things work: A deep dive into 1Password security

BSidesDE 2018

Presented by: David Schuetz (Darth Null)
Date: Friday November 09, 2018
Time: 13:00 - 13:50
Location: Track 1

Choosing strong passwords, a different one for every site, is just Security 101 at this point. Using a password manager to handle all those different credentials is essential. But how do you know that they're safe, especially in the cloud?

1Password has been a popular password manager for over a decade. In 2016, they introduced 1Password Teams feature which puts your passwords in shared vaults in the cloud. In the cloud?!?! Yes.

Agilebits have been very open about how 1Password works, with whitepapers, support documents, and geek-friendly forums. Unfortunately, their documentation can be hard-to-follow, and sometimes lacks key technical details.

This talk fills in those gaps. It describes (most) of the 1Password ecosystem in detail, from unlocking to decrypting to vaults to account recovery. Using easy-to-follow analogies, the talk provides non-technical attendees with a clear understanding of how the system works. At the same time, enough detail is given that crypto-geeks can easily build their own tools, to prove to themselves that it really is working properly.

Audience: Anyone concerned with whether or not their passwords are actually being protected. Also anyone who loves to see how things work under the hood and would like to tinker with the data for themselves.

David Schuetz

David has been working in the security field for a long, long time...and active in the security community for over a decade. When not engaged in paying work, he enjoys building and solving cryptography puzzles, playing Pokemon Go, and helping out with his kids' Boy Scout Troop. David runs the KhanFu conference scheduling system, volunteers at ShmooCon and Black Hat, and has recently received a US amateur radio license (though he hasn't had enough time to really play with his new radio...)


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats