App already "knew" passwords

Yesterday and today I spent several hours experimenting with a different password manager app. After I downloaded the extension to my Chrome browser, it already "knew" all my login names and passwords. I didn't enter any passwords. The system automatically logged me in to all websites, including banking, financial, etc. I started the process of going into each website and deactivating the autofill/login for each but then I thought "this is crazy." I would have had to spend hours doing that to be secure again before I could rationally decide what I wanted to autofill. How did it "know" all my passwords, and will this happen with 1Password? This seems very wrong to me.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: Not Provided
Referrer: forum-search:passwords

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited May 2017

    @sundarimudgirl: It sounds like you may actually have these saved in Chrome itself. Most browsers offer a basic password saving/filling feature (not particularly secure) which works automatically. While 1Password is designed to make it easy to save (in the app) and fill (using the extension) login credentials in the browser as well, it is designed expressly to not be automatic, since we don't necessarily always want sensitive information being injected into webpages without our consent, as this can cause us to fall prey to phishing attacks, or just plan be annoying. Instead, 1Password will fill login credentials only when you click and select the login item, or press ⌘ \ to tell it to fill on the current page.

    If you open the main 1Password app, you should be able to see everything that is currently stored in your vault. If you do, in fact, have data saved there already, it may be you'd used 1Password in the past and the app is simply using that same vault now. Let me know what you find!

  • sundarimudgirl
    sundarimudgirl
    Community Member

    I assume you're referring to when you're at the login on a website and you get a notification asking if you want Chrome/google to save or update your password for the site you're on? If there isn't any risk associated with it, I will do that, but I never do it for anything with consequence like financial, banking, shopping websites etc. In any case, it sounds like 1Password fits the bill better for me. I only want to fill in login/passwords for a few sites at a time to see how it works, and it sounds like I can do that at my pace with 1Password.

  • matthew_ag
    matthew_ag
    1Password Alumni

    Hey @sundarimudgirl,

    I assume you're referring to when you're at the login on a website and you get a notification asking if you want Chrome/google to save or update your password for the site you're on?

    That is correct, when you see that prompt from Chrome then it's offering to store your credentials for that website in it's own password manager. We recommend disabling Chrome's password manager to ensure it doesn't conflict with 1Password.

    As Brenty mentioned, Chrome's Autofill is designed to be automatic when a page is loaded. This is troubling if you use Chrome to fill in identity information as it will be automatically filled on a web page. As soon as the data is entered into a web page there is nothing stopping that web page from sending that Autofilled data to the server even if the website isn't one you trust. 1Password protects against this by only filling identity information if you explicitly request that 1Password fill in that information.

    I hope that helps. Please let us know if we can be of further assistance.

    Best regards,
    Matthew

This discussion has been closed.