1Password sends your password across the loopback interface in clear text
Ross Hosman
28226

Perhaps I’m missing something. It seems another comment already addressed the essential issue. My understanding is loopback requires access. While I get it a nefarious person may be able to acquire that access, said breach is the more serious issue.

I’m all for making the entire password passing process as secure as possible. Unfortunately, much of the mechanism is subject to the inherent paradox of humans hate hassles and delays. Besides, according to the annual roundup of preferred passwords, the top 1,000 strings are well known.

PS: I totally agree cloud storage of passwords is insane:
1) Create a target. It will be attacked and most will be compromised.
2) If someone says their cloud storage is safe, they’re either naive or lying.

Show your support

Clapping shows how much you appreciated Bob’s story.