Why does 1password try to connect to other sites on log-in?
I am setting up my login sites now, still learning a lot. I am concerned becasue when I do access my mini login menus I get attempts to log in becasue Little Snitch will warn me. I get an attempt to connect with:_ 1.static.img-dpreview.com_ and wwp.dollar-usa.com.
What the ... ? Dpreview is a photography site I sometimes visit and I have no idea what dollar-usa is. Why in the heck are these connections trying to go when I am innocently using 1passord - and assuming my information is secure? Because this is not making me feel very secure. What is happening here, please?
Thanks
Comments
-
I don't recognize those sites as ones that 1Password accesses, but the only cause that I am aware of for it to be accessing web sites is when users have Rich Icons enabled. The icon images are served over the Internet, not stored locally. Do those reports stop if you disable rich icons?
0 -
Yes, that stopped It. Call It a bug I guess? Definitely not good behavior from an app I want to trust as super secure. I liked seeing the colorful icons but I strongly dislike getting connection requests for mailchimp, amazon, dpreview, etc. Secure apps like 1password should probably act .. you know .. Secure. Works well for Tmobile and Comcast, from what I am reading It may never work with bank logins, and that is too bad.
0 -
It works for my bank login. But there are some pretty unfriendly bank sites that probably can't work with any password manager.
There are explanations here in the forum about why you shouldn't worry about security of your data as a result of the contact to the rich icon server. I'll see if I can find one and post back.
Also, if you're up for the project, you can save custom icons of your own design in any record. This gives you the colorful icons, but keeps everything local. When I've wanted to do that, I found Google images to be a really effective way to find logos to use for that purpose.
Edit: I haven't found what I'm looking for on security issues and rich icons.
0 -
OK, thanks. I just pasted in the colorful icons.
0 -
I'm back to post a link to this thread, where the same matters are discussed and are addressed by three AgileBits folks, just in case it's helpful. Although the discussion is in the context of version 4, it applies just as well to version 5.
0 -
@levelbest there's also a very good article here in the security knowledge base which you'll probably find explains everything you need to know about 1P's network connections.
Stephen
0 -
Thank you @Stephen_C :smile:
As you will see @levelbest, we aren't contacting the sites in question, it's merely reverse DNS giving you a scare.
I allow connections to cache.agilebits.com and was.cachefly.net on port 443 (https) and that covers everything relating to Rich Icons if you decide you want to use them. After that you won't be bothered with the false alarms.
If you have any questions do please ask :smile:
0 -
I closed off Rich icons and pasted in my own captured icons. So long as I don't have anymore random network connections using 1password I think we are good here. I am only taking a seat at this table becasue 1password has such a good reputation so I am sure It will work out OK. Trusting this much of my private data to the internet is a very big step. It seems only right to ask questions when random connections come knocking at my cyber door.
0 -
Of course, I don't blame you for asking given the situation I'm a Little Snitch user myself so I know exactly what you mean. The issue seems to be that DNS and reverse DNS don't tend to match up too well once CDNs come into play and unfortunately they're very useful. If you're happy not using Rich Icons and applying custom icons as you feel it's useful then that's a perfectly good solution too :smile:
0
