Won't load site using PW browser
Opening www.optumrx.com site w/ PW browser gets error. " Failure to open site would lead to accessing "m.optumrx.com" which may cause bad side effects of cyber intrusion"....not exact words.
Using iOS 9.3.2 copy of Safari opens the site OK...no errors.
What do you need to chase this problem?
1Password Version: 6.4.2
Extension Version: NA
OS Version: IOS 9.3.2
Sync Type: Dropbox
Comments
-
Hi @three-cushion,
I believe "m.optumrx.com" is the mobile version of the www.optumrx.com web site. Some companies create a completely different web site that is shown to a phone/tablet using visitor to the site; when this type of specialized site is created the prefix "m" is not uncommon to differentiate the two web sites.
I navigated to "m.optumrx.com" on my iPhone and got the same message you noted:
"The certificate for this server is invalid. You might be connecting to a server that is pretending to be "m.optumrx.com" which could put your confidential information at risk."
That message is not completely uncommon or solely associated with mobile sites and has nothing to do specifically with the 1Password app.
For web sites that process payment or other confidential information a protocol called Secure Socket Layer or SSL is used and a certificate is required for account owners to run this security protocol. If they don't have a certificate that covers the sub-domain "m.optumrx.com" in addition to their main web site "www.optumrx.com" this message will appear. There may be no actual security problem, but the sub-domain's web site certificate can not be verified for whatever reason.
To get an answer to your security questions you will need to contact Optumrx. It is possible to click past the message and visit the site from your phone, but the safety of your confidential information and even login credentials for the site are not necessarily covered by the same safeguards they are at the main site. Only the technical staff at Optumrx will know.
I hope that isn't too much information. I know my answer is fairly technical, but I wanted to let you to know where to direct your questions so that you can get your problem solved.
Margeau0 -
@three-cushion: Sorry for the confusion there! Margeau gave a great overview, but I wanted to discuss this a bit more as it relates to 1Password.
As you can imagine, we don't want 1Password to fill your login credentials on a fraudulent site. And on the internet, security certificates are only valid for the domain they are registered for.
m.optumrx.com
does not have a valid certificate, as it's using one from another subdomain:As you can see, even Safari doesn't want us to continue to the site, because its certificate does not match. It gives you the option of ignoring this issue, but because navigating to a URL from a login in 1Password attempts to fill it, we don't want this to happen. It may be something we change in the future, but it's not something we take lightly at all. You may not care about this particular case, but there are many others where none of us would ever want 1Password to ignore or allow this behaviour.
You may have noticed that the certificate in question is for
wem.optumrx.com
. They've probably saved some money (like, really not a lot) by reusing the certificate for another page. Fortunately, it seems like simply using the address for which this certificate is valid avoids the issue entirely:Just save that in your login item instead. I hope this helps. Be sure to let me know if you have any other questions! :)
0 -
What great replies to my issue!! Yes, as a retired software designer I now understand my problem for this site. Your explanations are spot on for this error. And, you bet I will talk to a tech rep on that site and tell them what I have found.
PW is the best SW I have come across in my career ..... Keep up the great work.0 -
Excellent! Thanks for the kind words. If there is anything else we can do, please don't hesitate to contact us.
Ben
0