Safari setting "Always allow on this/every website"

I keep getting caught out that 1P is not active on the webpage I am on, and I have to click the 1P icon in the Toolbar and am given the choice:

If I choose Always allow on every website I get a strong warning:

What is good practice here?

What have I been doing for years with 1P before 1P8 came along, before this choice existed?

Is it best to keep doing "always allow for this website" and eventually all my commonest sites will be allowed?

Thanks


1Password Version: 8
Extension Version: 2.1.4
OS Version: macOS 12.1

Comments

  • jack.plattenjack.platten

    Team Member

    Hi @mikebore:

    1Password for Safari requires access to all webpages in order to fill properly. The only use for this permission is the ability to fill and detect what needs to be filled as necessary.

    For details on our browser permissions, see here: About 1Password browser permissions

    Let me know if you still have questions and I'd be happy to dig into them further with you!

    Jack

  • mikeboremikebore Junior Member

    Yes thanks, I think I understood that. My question was really because I don't recall having to make that choice in 1P7, so what was 1P7 doing.....did it effectively have "always allow for every site".

    How are others handing this setting?

  • PeterG_1PPeterG_1P

    Team Member
    edited January 14

    Hi @mikebore, that's effectively what the browser extension was doing before, correct.

    To be clear, this warning message you're seeing comes from the OS / Safari - which is good practice, generally speaking. It makes sense to check with a user whether they want an extension to be able to access their websites, and if so, under what conditions!

    I'll be interested to hear what others have to offer here. My take is that, in order to be effective and "just work", it makes sense to allow on all sites. This is because 1) 1Password in your browser only reads the web data in order to fill passwords for you (we don't make our money from advertising, we don't collect sketchy information on you, it's only used for the purposes of doing what you bought 1Password for in the first place, and so on) and 2) the 1Password browser extension is designed with security in mind.

    It's also a good prompt, though, about what browser extensions can do - which is to read quite a bit of your data, under the right circumstances. This is something we talk about quite a bit here at 1Password, and something we wish people generally heard more about when it comes to information security. Many people's overall privacy and security would be improved by using fewer browser extensions, and vetting them more closely.

    In terms of our own software, as @jack.platten said:

    1Password for Safari requires access to all webpages in order to fill properly. The only use for this permission is the ability to fill and detect what needs to be filled as necessary.

    This is the core case for allow all: the app is designed for a limited purpose, is subject to the same privacy policies as all our software, and needs to be able to view websites to work well.

  • mikeboremikebore Junior Member
    edited January 14

    Thanks. So trying to summarise, have I got it right that:

    1. "Allow all websites always" is what 1P7 and previous versions did, and is maximum convenience.
    2. Adding the option to "allow this website always" is a new 1P8 option giving more control by being restrictive.
    3. Adding the option to "allow this website once" is even more restrictive. This is the 1P8 default.

    So overriding the severe warnings in 1P8 about option 1 results in equivalence to 1P7.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file