FWIW cache side channel attacks are primarily a threat on (shared) cloud platforms, but not as much [1] on personal devices. Considering that 1password runs in its own process and that most personal devices should have Meltdown mitigations in place, it would be prohibitively difficult to successfully launch a cache side channel attack to extract the password from outside of your device, especially at scale. Attackers would attempt to find other software vulnerabilities instead.
I think it would indeed be nice if 1password scrubbed sensitive data from memory, but not a complete deal breaker if it didn't. I do wonder if this could be more of a problem on 1passwordX, though.
I think it would indeed be nice if 1password scrubbed sensitive data from memory, but not a complete deal breaker if it didn't. I do wonder if this could be more of a problem on 1passwordX, though.
[1]: not zero, but still