What does Safari Bookmarklets mean?

Community Member
edited August 2013 in 1Password 3 – 7 for Mac

What exactly does this mean?
"Safari bookmarklets cannot be created or changed from 1Password."

The very last item for OS X here: http://discussions.agilebits.com/discussion/8068/official-answers-1password-and-the-mac-app-store


  • khad
    1Password Alumni

    It's referring to a very old feature that was in 1Password for Mac about two years ago but was removed for security reasons. From our 2011 blog post "Staying ahead with security":

    It’s time to say good-bye to a couple of features that won’t stand up to the anticipated threat environment. One feature, loved by many, is the Login Bookmarklet. This was originally designed as a way to get some 1Password functionality into browsers we didn’t support at the time. Before we had 1Password for iOS, this could be used to kinda-sorta get 1Password data into browsers that didn’t support 1Password directly.

    The data in the 1Password Bookmarklet is very well encrypted, but the password for it is not secured using PBKDF2. This means that if the Bookmarklet were to be captured it would need a very strong password on it to resist attack. Because the Login Bookmarklet lives in the browser’s bookmarks, there are more opportunities for it to be captured. Given these two issues, it is time to phase the bookmarklet out. Existing bookmarklets, already in the browser, will continue to work if users decide to keep them. But from this point onward, you will not be able to create new ones.

    The story is similar for 1Password’s Encrypted HTML export feature. The passwords for those HTML files are also not protected by the PBKDF2 technique. But the good news is that our much-loved 1PasswordAnywhere feature will continue to work. 1PasswordAnywhere actually uses the same data file as the 1Password application itself, so there are no worries about its data format.

    The Login Bookmarklet and Encrypted HTML export features were meant as temporary measures until something better could be put in place. 1PasswordAnywhere, 1Password for non-Mac platforms, and our 1Password extension for Google Chrome are those better ways of doing things.

    If we can be of further assistance, please let us know. We are always here to help!

  • AndreGB
    Community Member

    Thank you, Khad.

This discussion has been closed.