They may also get your 1Password username, since it's your e-mail address. Then ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		pavel_lishin on April 24, 2012 \| parent \| context \| favorite \| on: Pwning a Spammer's Keylogger They may also get your 1Password username, since it's your e-mail address. Then all they have to do is download 1Password, try your master password combination with various e-mails you may have typed (signing up for a website, etc.) and suddenly, it's much, much, much worse.

hwatson on April 24, 2012 [–]

Your 1Password keychain is stored locally and is never uploaded to Agile's servers. The attacker would have to upload the keychain first (or break into your Dropbox, if you have it stored in there)

pavel_lishin on April 25, 2012 | [–]

Ah, I was thinking of LastPass.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact