Is the 1Password 8 Safari extension safe?

Hi @cmeermann:

Thanks for asking, and wanting to be sure. In short, Password for Safari uses those permissions only so it can determine what's on the page, and then modify the page by performing the fill.

You can see more details about the permissions 1Password in the browser requests here: About 1Password browser permissions

Jack

Thanks for taking the time to respond. This helps a little. Though at the end of the day, it comes down to me having to trust 1Password to do only what you say - and not more. I will have to consider very thoroughly whether I am willing to do this when my most sensitive data is concerned.

Kind regards,
C.

@cmeermann

Many tens of thousands of us have been using the 1Password extension for years. If there were any security issues it would be evident by now.

Also, 1Paassword is way more useful with the browser extensions.

lysander Well, millions of people have been using log4j for years and nobody ever found the log4shell exploit until last year 😉

@cmeermann If you're using 1Password to store sensitive information, you're going to have to trust the company anyway. In other words: why should the Safari extension be any less safe to use than the actual 1Password application? It's just Safari telling you that the extension wants permissions to read from and write to web pages - which it has to do in order to function.

Great questions and points all around. If there are concerns that we're doing what we're supposed to be doing, I'd point to our $1 million bug bounty program:

AgileBits’s bug bounty program - Bugcrowd

and multiple recent independent security audits:

Security audits of 1Password

While I hope you find you can trust us, it doesn't have to be blind trust. I hope that helps!

Ben

Thanks to everybody for their contributions. You helped me a great deal to make up my mind.

@cmeermann

I'm happy to hear that your questions were answered. 😊