Why does 1Password intercept and store Cloak VPN password?
I am surprised that 1Password intercepts and stores a password for the Cloak VPN. It's not Cloak's user password. Maybe it's a key that is protected by the password.
Why does 1Password do this?
1Password Version: 5.3.2
Extension Version: 4.4.3.90
OS Version: OS X 10.10.5
Sync Type: none
Referrer: ug:mac/new-computer, ug:mac/new-computer-wi-fi, ug:mac/new-computer, kb:ios-itunes-backups, kb-search:cloak
Comments
-
Hi @JRandomPerson,
1Password has an extension to help you auto-save all Logins for all sites, it's not isolated to Cloak. This is to store your sensitive data inside the encrypted 1Password database.
However, some sites does not show a difference between a password field and a different password field that's not related to the user password, 1Password will offer the option to save it for you or update the existing Login to change its password.
Does that help or do you mean something else and if that's the case, can you explain more what you were doing at the time and what 1Password was doing.
0 -
It is true that 1Password (or its Chrome extension) prompts me to save the login information the first time I log onto a website. However, the password in question is not for a website. In fact, I had never seen it before. It is probably some sort of key used by the Cloak virtual private network. Furthermore, I don't recall ever being prompted to save a password for Cloak.
0 -
Hi @JRandomPerson,
I can only think of two situations where we save items outside of the main 1Password window.
- The 1Password Save Login window. Only the 1Password Browser Extension calls the save login function, in fact one of the items on some of our user's wish lists is more interaction with the operating system and other applications.
- The 1Password Password Generator. Can you tell us a little more about the item please, is it a Password item and if so is it titled
www.getcloak.com
with a website field? That would be generated by 1Password when you use the Password Generator and it's a safety net should the password not be recorded elsewhere.
Given everything I know of 1Password I'm confident it isn't sneakily intercepting anything and we'll find the reason for the items existence.
0 -
The name of the password item is "Cloak". The website listed in the password item is "app://com.bourgeoisbits.cloak.agent"
0 -
@JRandomPerson: Ah, I see. That's a custom URL scheme they are using to pass information to the app itself then. That explains it. You can of course simply click the 'gear' icon in 1Password's Autosave window and select "Never for this website" if you don't wish 1Password to offer to save this in the future. Cheers! :)
0 -
Greetings @JRandomPerson,
I have to offer an apology. We were recently asked this question again elsewhere and somebody on the team reminded me of particular behaviour in 1Password mini that will explain what you're seeing. This was the reply I posted there
When you generate a password using 1Password's Password Generator we store it as a safety measure, a wise one I'm sure you will agree. If your web browser is the active application when this happens 1Password mini will ask the extension for the title and URL of the active tab on the reasonably safe assumption that is the intended target for the new password. That way should you ever need to look back you can see why this Password item might have been created.
Now if another application is in focus when the password is generated it picks up the name of the application for the title and the URL is instead a generic URI for that application as supplied by some OS X call. So this is how URLs starting with
app://
can come into existence. Now, how did it end up in a Login item?So you've generated your lovely new strong password and then you go to use it on the site. Now we have the password stored as a Password item but to be of more use you want to create a Login item. You visit the site, enter your login credentials and 1Password offers to create a Login item. What you don't see in the background is 1Password notices it's the same password as in one of your Password items so it converts that Password item into a Login item, keeping all the current fields. It updates the title to reflect the site in question and adds the URL for the login page.
The confusing result though is a Login item that has both the real URL and an
app://
URI. Heck, it took me a moment or two to put this together myself, I was even writing a slightly different response when all the pieces fell into place.So other applications aren't looking at what you are doing, they were merely in focus when 1Password mini was opened. Nor is 1Password listening to what you're doing in other applications as we only interact with the 1Password Browser Extension (I'm not counting asking the OS what application is active as real interaction) but it's something that does raise an eyebrow the first time you see it. Given we don't interact with other OS X applications I'm not sure what benefit adding the URI does.
I hope this helps a bit but if you have any follow up questions at all please do ask :smile:
I think this will explain your situation too although it would mean the password you interpreted to be a key was generated by the Password Generator in 1Password mini, possibly the first attempt at a password that you then didn't use?
Could any of this help explain what you've observed? Once again, I apologise for what probably seemed like us not taking your query seriously, that certainly wasn't our intent at all.
0 -
Sounds reasonable to me.
0 -
Indeed! Sorry for misunderstanding initially, but I'm glad that we were able to solve this particular mystery. Cheers! :)
0