1Password Changes Encryption Format to Prevent Metadata Leaks
1Password is one of our best password managers . Today, it is changing the way you encrypt your data to further protect your metadata. On the surface, it doesn’t change much, but it’s a welcome addition to security.
A key change concerns how 1Password handles URLs for the sites you save. Currently, the URLs of the sites in your password store are not encrypted. This was because in 2008, decrypting URLs and site headers every time you wanted to search your password store was a performance hit, explains AgileBits, the app developer.
Of course, unencrypted site urls should never be a problem. Unlike most other password managers, 1Password does not store your password vault on its own servers. Your storage is either stored exclusively on your local computer, or, if you prefer, synced via Dropbox. An attacker would have to compromise your system (or worse, Dropbox) in order to even go into your vault and see a list of the sites you’ve saved.
However, more protection is better than less. So now the company has announced that it will begin moving towards encrypting the URLs of sites that you also store in the password store using the new OPVault data format. This transition will take place in the coming weeks. However, you can check the source link below to see how to manually switch if you don’t want to wait.
When Leak Is Not Leak | AgileBits via Engadget