Author Not Verified in Firefox Extension Download [Will be fixed soon]
Hi All,
I am seriously considering using 1Password for all my most sensitive passwords after comparing multiple password managers. When I attempted to download the 1Password extension for Firefox, I received the following splash screen: 1Password (Author Not Verified) with a URL which begins an "https:" but does not contain the agilebits.com domain name, but a domain of "sus.cloudfront.net". What am I suppose to do with THAT information when I am downloading and about to purchase a password manager from a company which is supposed to be on top of its game when it comes to observing all the security protocols? I also noticed that a user in the MAC forum had the same complaint and the response was a non-responsive "we've got to do better." Your program answered all my concerns about password managers, especially not storing passwords in the cloud, but this is holding me back from buying it since I am downloading an extension from an unverified source with no identifying URL. Please advise. Thanks.____
Comments
-
I just was updating a system, and ran across this same issue. I hate assuming something is safe when there's any warning at all, when it comes to something as important as owning all my passwords. Would be great to get feedback from a moderator.
0 -
Can someone from AgileBits please respond? Please? Should we not use this extension? What is going on?
Do we need to try to publicize this outside these forums to get a response? Seems embarrassing for a company that prides itself on all the ways it keeps paying user's passwords secure to have this issue, and to not be addressing users who are asking how to deal with it. And if we users stumble upon an issue you won't address, how do we feel confident there aren't more issues under the hood that hackers can exploit? It does not inspire confidence for this thread to go unaddressed...
EDIT: What the heck? Just searched again and see this issue noted in 2012!!!
0 -
Thanks for taking the time to bring this issue up again. You're right, it's been a known issue for sometime now and we need to fix it.
This issue had already made our short list for things we need to work on for the next release and this thread helps add fuel to that fire. We'll get things signed as soon as we can.
0 -
So I guess it works safely downloading directly from AgileBits? For whatever reason, when I tried installing on my newer system, the 1Password app seemed to download the extension in a way that brought up the warning.
0 -
Hi @SecretDude,
Yes, it is normal to get this warning in Firefox even if you try to download it from our site. The file is served from our CDN (content delivery network) provider, Cloudfront. We use them to serve the files on their local cache server in your area to prevent overloading our main servers. However, we haven't taken the time to sign our extension yet. Mozilla is pushing up the deadline to require all extensions signed or Firefox won't install it, so we will get this fixed as soon as possible.
0