Is it normal that 1password registered passwords without my approval?
Hello,
Yesterday I used the 1password mini to generate passwords and register web logins in its database.
At a moment I realized that 1password registered a password on its own, for an application I was not using at that time.
I found that under the option "passwords" it registered a random password for Creative Cloud (of Adobe).
In the section "website" it registered something like "app://..... Creative Cloud....."
It's true that I am using the software Creative Cloud, but yesterday I didn't touch it at all.!!!
Is it normal? Not that I mind, I trashed it, but as I am always sensitive to security issues, I want to feel that 1Password operates under my full control.
Best,
Comments
-
No, 1Password should not do anything without you at least confirming you wish it to do so. It will help us to understand what might have happened if you tell us:
- what version of 1P you are using on your Mac;
- your OS X version.
The Password category saves 1P generated passwords which are not linked to a specific saved login item. If you check the date on which the apparently rogue entry was made you may get some idea how and why it happened. I'm guessing that at some time you generated a password for Adobe Creative Cloud but maybe the URL you have for that in your login items isn't exactly the same as that which appears in the Password category.
At least if your Creative Cloud login item and the relevant Password item are the same you'll have a good idea that they are in some way associated with what you did on that day.
Stephen
0 -
- I am using the latest version of 1P, bought over App Store
- I am using the latest version of Yosemite.!
- In the past I registered a password for my Creative Cloud profile, but that was a web login. That remained untouched in the 1P database. The one that got registered yesterday was not related to the web login I had registered in the past. Moreover, the password that got saved yesterday was different that the one I actually use on my Creative Cloud account.
- I checked the time. It got registered yesterday while fiddling with 1P computer application to register web logins. Nothing related to Adobe though.
- Just to mention that 2 hours before the incident I had received a request to update the Adobe flash software. And I updated it.! (If I am not mistaken there was something like a virus for MACs some years ago, that was introduced to our computers as Adobe flash update. I was hoping that this issue is resolved). Still, I don't know whether there is a connection with this incident, I am just giving an extra piece of information.
0 -
Just one more piece of information. When I updated the Adobe flash update (about 2 hours before the incident), and although the installation was complete and my laptop restarted, a .dmg file appeared in the Disk Utility. The name of the .dmg file was "encryptedFile.dmg" and I couldn't eject it. That encryptedfile.dmg contained an Adobe flash installation, but I didn't run the installation. I read instructions on forums, and as it happened to many users I followed their instructions. That is, I went to the folder where the encryptedFile.dmg was stored and sent it to Trash. Only then it disappeared from DiskUtility.
Again, I don't know whether this incident is related to the 1P incident, but it seemed weird to me.!
0 -
You may find that the dmg reappears when you restart your computer. I have certainly found that some of these nasties come back because of various other files related to them. There is a program called Adware Medic that can be downloaded from www.thesafemac.com that is good at getting rid of such stuff, and the site also tells you how you can remove the stuff yourself if you are careful.
None of which relates to your 1PW query, but it is worth knowing.
0 -
Thanks for the answers.!
Stephen_C should I expect another answer on your behalf?
0 -
Stephen_C should I expect another answer on your behalf?
I'm afraid not a constructive one because I'm completely baffled as to how what you describe might have happened. I know only as I stated before: that 1P is not going to do anything without at least some user intervention.
It's possible someone from AgileBits may come along with a better guess than me as to what might have happened.
Stephen
0 -
ok. If you have further news, please let me know.!
0 -
Hi @olyroad,
I do apologize for the confusion here. I've got a pretty good idea of where things have gotten tangled up. Let's do a quick review, just to be sure I understand the situation:
I found that under the option "passwords" it registered a random password for Creative Cloud (of Adobe). In the section "website" it registered something like "app://..... Creative Cloud....."
It got registered yesterday while fiddling with 1P computer application to register web logins.
When you use the strong password generator, 1Password will name the password based on the window that has focus. If a browser window has focus, 1Password will record the site's URL for the title of the Password item. However, if you clicked on your Creative Cloud icon in the menu bar prior to selecting 1Password and opening the password generator, then Creative Cloud might still have had focus over the browser window, hence the wonky naming.
I've just tested here, and if I click on Creative Cloud and then generated a password in the 1Password mini's password generator, and it showed up in my Passwords category as a 'Creative Cloud' entry.
Please note that the Passwords category is largely a safety net to ensure that generated passwords do not get lost after filling (in cases where 1Password might not prompt you to update an existing Login entry.) 1Password is not 'registering' these passwords anywhere, just tucking them away in case you need them.
I hope this helps to explain what's happening, but if you have further questions, we're here to help!
0
