Continuing problems launching urls fro 1pw

Hi,
I'm back.
First of all, there a whole bunch of new browsers but 1pw has not been updated to show more of to let on browse for the app.
Second, there is the default set in windows, which should be sufficient without having #1 at all.

So when I click on a url in the lower pane in the latest version, it launches the one selected in the pref and the windows default browser. The url gets passed to the windows default, The other one (firefox) just opens but does nothing except occupy screen space.

It would be really great if you could fix this in some kind of logical, definitive way.

Thanks,
Dan Essin


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:url click launches 2 browsers

Comments

  • Hi @DoctorDan,

    Thanks for writing in.

    First of all, there a whole bunch of new browsers but 1pw has not been updated to show more of to let on browse for the app.

    I'm sorry but can you please clarify more about what you're asking here?

    So when I click on a url in the lower pane in the latest version, it launches the one selected in the pref and the windows default browser. The url gets passed to the windows default, The other one (firefox) just opens but does nothing except occupy screen space.

    That was a known Windows 10 bug. Are you using Windows 10 and which 1Password version you using, 1Password 4 or 6?

    The workaround that worked is to configure Edge to be the default browser and then change it back to your browser. Once you do this, it should only open your default browser.

    If you are using 1Password 4, please double check your 1Password settings in File Menu > Preferences > General > Double-Click. If it is configured to Open the URL in web browser, there may be a different browser set.

  • DoctorDan
    DoctorDan
    Community Member

    Well, it turns out that I am using version 4. I probably don't understand version 6. I will explain my understanding of it and perhaps you can correct me if I have got it wrong. I can appreciate that you are probably focused on version 6 and would prefer to minimize the amount of effort you expend on the old (obsolete?) version.

    I gathered that version 6 does something involving the web and a server you maintain. I was never clear about:
    1 - what a cloud-based component offers that I might need or want
    2 -what gets stored there
    3 - if the password to access the site is also the master password for a vault.
    4 - where the encrypted files reside
    5 - if they are sync'd between machines with a dropbox-like mechanism as they are in version 4

    My first impression of what I read when you announced the new scheme was that it was a lot like Lastpass. The reason I dropped Lastpass and switched to 1PW was that I didn't feel comfortable (and still don't) about having to enter my master password in the browser to access the site. Yes, I have enabled every restriction and use several forms of 2FA but it still makes me uneasy.

    If my concept of how 1PW version 6 works is wrong I will be happy to reconsider my initial skepticism but for now I'm confused about it. When security is involved I don't start doing things I'm confused about.

    If you can "straighten me out" I would appreciate it.
    Thanks,
    Dan

  • DoctorDan
    DoctorDan
    Community Member

    To follow up, I registered at the web site and installed the version 6 client to see what it was. I also read some threads where a bunch of people were frustrated by the very things which worried me when you announced, and still do. I fail to understand how 1PW can function offline unless there is a local vault. It's a fact that the internet is neither reliable or ubiquitous. I frequently find that I need a credit card number or a secure note at a time when I no access to the internet. With version 4 I'm good as of the last dropbox sync. With version 6, even though your blurb talks about offline access, I don't see how or where you have implemented it. From the comments it sound more like something you have planned but that it's not a high priority.

    So I anxiously await your feedback.
    Thanks again

  • AGAlumB
    AGAlumB
    1Password Alumni

    @DoctorDan: I wouldn't say 1Password 4 is obsolete. Obviously it would be easier to only have one Windows app to work on; but while 1Password 4 is no longer getting our full-time attention, we've been working on an update for it which will support some big upcoming browser changes. So we've got your back. :)

    I gathered that version 6 does something involving the web and a server you maintain. I was never clear about:
    1 - what a cloud-based component offers that I might need or want

    It really depends on your preference and workflow. There a lot of benefits to a 1Password.com membership, but the ones that seem to be the most popular are the web interface, Travel Mode, and secure sharing and sync that are seamless. And while they're less exciting for a lot of people, my personal favourites are automatic offsite backup for my 1Password data and item history. They're a life saver.

    2 -what gets stored there

    All data is encrypted locally on your device, so that's all that's sent to the server and stored there. It's hard to conceptualize, but the "keys" to your data are also never transmitted to us, even when you sign in, so those are, significantly, not stored on our servers.

    3 - if the password to access the site is also the master password for a vault.

    Yes.

    4 - where the encrypted files reside

    It sounds like you mean locally. Is that correct? They're cached in an encrypted database on your device's internal drive.

    5 - if they are sync'd between machines with a dropbox-like mechanism as they are in version 4

    Hmm. Someone here will probably kick me for saying this, but yeah, from a user perspective, it's "Dropbox-like". Our team has taken this opportunity to make 1Password.com much more efficient for syncing 1Password data though (you may notice this when singing into a new device for the first time if you have a lot of items — it's lightning fast). That's not a knock on Dropbox. 1Password.com just isn't a general-purpose file sync service like that, so we can focus on making it seamless for 1Password users.

    I didn't feel comfortable (and still don't) about having to enter my master password in the browser to access the site. Yes, I have enabled every restriction and use several forms of 2FA but it still makes me uneasy.

    We go to a lot of trouble to secure things on our end, and there's a lot you can do as well, but at the end of the day using a 1Password.com account does involve signing in to the website for some things. It is possible to create an account now from within 1Password for iOS, for example, without having to use a browser, but most administrative functions can only be done through the web interface. Over time we'll be enabling more of this functionality in all of the client apps though, like vault creation and management.

    If my concept of how 1PW version 6 works is wrong I will be happy to reconsider my initial skepticism but for now I'm confused about it. When security is involved I don't start doing things I'm confused about.

    Amen! I think you made the right call by holding off without having enough information to make a decision, and I'll do my best to help in that regard. :chuffed:

    To follow up, I registered at the web site and installed the version 6 client to see what it was. I also read some threads where a bunch of people were frustrated by the very things which worried me when you announced, and still do. I fail to understand how 1PW can function offline unless there is a local vault. It's a fact that the internet is neither reliable or ubiquitous. I frequently find that I need a credit card number or a secure note at a time when I no access to the internet. With version 4 I'm good as of the last dropbox sync. With version 6, even though your blurb talks about offline access, I don't see how or where you have implemented it. From the comments it sound more like something you have planned but that it's not a high priority.

    It really isn't something that comes up often because users don't have to think about it. When you sign in to the app, it gets all of your data from the server. When you make a change there or on another device, it gets updated automatically, provided you have an internet connection. If you're offline, it just syncs any changes once you're connected again.

    I think you summed it all up very nicely. Effectively, for you, 1Password.com works the same in these scenarios. While the server is the central storage for the encrypted data, the apps cache the data on each device as well, so even offline you'll have the latest data as of the last time that 1Password was able to connect and get changes. Where it differs with Dropbox primarily is efficiency (1Password.com was built to sync 1Password data, and that includes the server component and the client apps) and ease of use. You and I are more than comfortable configuring sync, but I think we can still appreciate fewer steps and less hassle. ;)

    Anyway, I hope this helps. Be sure to let me know if you have any other questions! :)

  • DoctorDan
    DoctorDan
    Community Member

    Thanks. This is extremely helpful. It leaves me with (I think) only 2 more questions:
    1 - If I'm using a browser on someone else's computer, how is the password encrypted before being sent?
    2 - Are there 2FA features available when using web access?

  • DoctorDan
    DoctorDan
    Community Member

    Am I correct in understanding that the reason you don't offer 2fa for 1password.com is that you are relying on "secure remote password'? Now the ipad (assuming that I'm using some else's) and who knows what other browsers I might find in a public location, don't implement javascript (at all or inadequately). It seems ro me that if I enter my password, it might end up being sent in the clear, if the SRP is not available or not implemented properly - or have I missed something. The description of this feature on your site boils down to "trust me"; it's short on substance.

  • DoctorDan
    DoctorDan
    Community Member

    Also, since http://srp.stanford.edu/demo/demo.html won't run on the ipad but I can login to 1password.com, I can't see how you've gotten the protocol to work in the browser. Maybe I'm just dense.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Thanks. This is extremely helpful. It leaves me with (I think) only 2 more questions:

    @DoctorDan: Glad that helped! And don't feel like you have to limit yourself. ;)

    1 - If I'm using a browser on someone else's computer, how is the password encrypted before being sent?

    Regardless of where you use 1Password, the password is never sent. Instead, using Secure Remote Password protocol, the web client computes a verifier locally (SRP-v) and sends that so the server can verify that you know this secret without you having to reveal the secret itself. That said, We never recommend using 1Password on a machine that you don't control, as it could be leveraged to capture your information locally — whether because the owner is malicious, or they've simply fallen prey to malware.

    2 - Are there 2FA features available when using web access?

    Duo two-factor authentication is a beta feature of the 1Password Teams Pro plan, but I wouldn't want you to make your decision based on that, as it is a beta feature. Hopefully we'll be able to add two-factor authentication in stable form and perhaps for other plans i the future, but that's not something I can offer you right now.

    Am I correct in understanding that the reason you don't offer 2fa for 1password.com is that you are relying on "secure remote password'? Now the ipad (assuming that I'm using some else's) and who knows what other browsers I might find in a public location, don't implement javascript (at all or inadequately). It seems ro me that if I enter my password, it might end up being sent in the clear, if the SRP is not available or not implemented properly - or have I missed something. The description of this feature on your site boils down to "trust me"; it's short on substance.

    Definitely see above and below, both for information on the status of two-factor authentication and more details on how 1Password.com works. But you don't have to just take our word for it, and we're not going to just say "trust me". Apart from our own efforts, we participate in external audits and cooperate with independent security researchers to find any flaws so we can fix them. You're welcome to participate as well! :chuffed:

    Also, since http://srp.stanford.edu/demo/demo.html won't run on the ipad but I can login to 1password.com, I can't see how you've gotten the protocol to work in the browser. Maybe I'm just dense.

    Wow! You're way ahead of me here. I'll admit that I don't know all of the implementation details, but it definitely works. There's actually a lot of good information on this in the security white paper (p. 57), so I'd encourage you to check that out, not just for SRP, but because the whole thing is a great read, especially given your interest. I can tell you that it wasn't easy and took a long time for us to build all of this, and originally some limitations in Safari and Edge's standards support meant we couldn't support them initially until we reworked some things to work within the constraints of those browsers. :)

  • DoctorDan
    DoctorDan
    Community Member

    This is great info! I'm very cautious by nature, as you probably gathered, but you have convinced me. btw - The university where I am a faculty member (USC) just adopted Duo so I have the app. If you need someone to test it, I'm available.
    Thanks,
    Dan

  • DoctorDan
    DoctorDan
    Community Member

    Well, I guess I have one more (the last?) question about making the switch. There seems to be one one ipad app. Right now mine is still pointing to dropbox and there is no indication of how I get it to look at the new vault that I created in your cloud. Shouldn't there just be a button or a pref that says "disable dropbox and enable cloud"? or maybe there is and I just can find it. I saw something that said stop syncing, but I no clue as to what that does.

  • Greg
    Greg
    1Password Alumni

    Hi @DoctorDan,

    It seems that you are using a local vault in 1Password on your iPad. If you created 1Password account, you need to add that account to 1Password app and use it instead of a local vault. Here is how you can add the account on your iPad:

    Set up 1Password (iOS)

    Please let us know if it helps. Thank you very much!

    Cheers,
    Greg

  • DoctorDan
    DoctorDan
    Community Member

    Thanks, it's all set

  • Greg
    Greg
    1Password Alumni

    Hi @DoctorDan, you are very welcome! :)

    We are glad to hear you are all set now. Please make sure that you are using your Personal vault (part of your account) from now on and everything will be okay. If there is anything else we can help you with, you know where to find us. ;)

    Have a great week!

    Cheers,
    Greg

  • AGAlumB
    AGAlumB
    1Password Alumni

    Great! And we're here if you have any other questions! :chuffed:

This discussion has been closed.