Is the 1Password 8 Safari extension safe?

cmeermann
cmeermann
Community Member

Hi!

Safari keeps showing me this warning when I click on the 1Password 8 Safari extension:
"This extension would be able to read and alter web pages and see your browsing history on this website. This could include sensitive information, including passwords, phone numbers and credit cards.

You can change this later in Safari Websites preferences."

This gets me wondering how safe using the extension actually is. I find it hard to believe that 1Password has grown to be spyware in disguise, but I still would like to read an official clarification from the 1Password team on this.

Thanks in advance.
Cheers,
C.


1Password Version: 8.7.0
Extension Version: 2.3.3
OS Version: OS X 12.4

Comments

  • Hi @cmeermann:

    Thanks for asking, and wanting to be sure. In short, Password for Safari uses those permissions only so it can determine what's on the page, and then modify the page by performing the fill.

    You can see more details about the permissions 1Password in the browser requests here: About 1Password browser permissions

    Jack

  • cmeermann
    cmeermann
    Community Member

    Thanks for taking the time to respond. This helps a little. Though at the end of the day, it comes down to me having to trust 1Password to do only what you say - and not more. I will have to consider very thoroughly whether I am willing to do this when my most sensitive data is concerned.

    Kind regards,
    C.

  • lysander
    lysander
    Community Member

    @cmeermann

    Many tens of thousands of us have been using the 1Password extension for years. If there were any security issues it would be evident by now.

    Also, 1Paassword is way more useful with the browser extensions.

  • TimHH
    TimHH
    Community Member

    @lysander Well, millions of people have been using log4j for years and nobody ever found the log4shell exploit until last year 😉

    @cmeermann If you're using 1Password to store sensitive information, you're going to have to trust the company anyway. In other words: why should the Safari extension be any less safe to use than the actual 1Password application? It's just Safari telling you that the extension wants permissions to read from and write to web pages - which it has to do in order to function.

  • Great questions and points all around. If there are concerns that we're doing what we're supposed to be doing, I'd point to our $1 million bug bounty program:

    AgileBits’s bug bounty program - Bugcrowd

    and multiple recent independent security audits:

    Security audits of 1Password

    While I hope you find you can trust us, it doesn't have to be blind trust. I hope that helps!

    Ben

  • cmeermann
    cmeermann
    Community Member

    Thanks to everybody for their contributions. You helped me a great deal to make up my mind.

  • @cmeermann

    I'm happy to hear that your questions were answered. 😊

This discussion has been closed.