Chromium incompatibility

Vexed
Community Member

Well that's just great!

I spent 2 hours last night installing Chromium and other data that didn't get imported from Chrome.
Then I discovered that 1Password does not work with Chromium due to it being unsigned.

I decided to try Chromium because it's supposed to offer more privacy/security.
So I can now use a safer browser, I just can't sign into ANY websites unless I manually copy/paste. Whoop-de-freakin-doo!

That renders Chromium USELESS, meaning I wasted two hours of my life.

Since the Chromium team has no plans to sign their app, is there any other way for cocoatech to work with them to make 1Password functional?
Or maybe show users a security warning about the security risks, but then allow them to proceed with using 1Password in Chromium if they're willing to accept the consequences.

After all, WE PAID FOR 1PASSWORD, we should be able to use it wherever we want.

Since users could still copy/paste passwords if they wanted to, what exactly is 1Password protecting us from by refusing to do its job?
It shouldn't be so poorly coded that it's vulnerable to attacks that other password managers aren't.
What's all that BS for about matching the code in the browser with the one in 1Password, if it isn't making it secure?

LastPass works almost everywhere.
LastPass works on macOS, Windows, iOS, Android, Chrome OS, Linux, Firefox OS, Firefox Mobile, Windows RT, Windows Phone—even Apple Watch and Android Wear smartwatches.
Most features are free, and the Premium subscription is cheaper than 1Password!


1Password Version: 6.8
Extension Version: 4.6.8.9
OS Version: OS X 10.12.6
Sync Type: none

Comments

  • AGAlumB
    1Password Alumni

    WE PAID FOR 1PASSWORD, we should be able to use it wherever we want.

    @Vexed: No. 1Password supports specific browsers it was designed to work with, and we continually maintain the extensions for new versions and in response to changes in the security landscape. Paying for 1Password doesn't entitle you to use it with any browser you wish any more than it does with any OS you choose. Like any other software product, it has supported features and system requirements. And part of that is moving to the new WebExtensions standard supported by Chrome and Firefox.

    We go to a lot of trouble to ensure that 1Password keeps users' data secure, and part of that is not sending it to just anyone who asks. The only way that 1Password can tell the difference between a legitimate browser, such as Chrome, and a malicious app posing as one is by verifying its digital signature. 1Password is not designed to work with every browser that exists. Rather, we build and test it to support major browsers where possible, and some alternatives which are both compatible and verifiable, and unsigned prerelease builds are not something we've ever officially supported. Ideally, we would; but then again, ideally Chromium would be signed so that 1Password could be sure it wasn't sending users' most sensitive data to an impostor. Just as you're not going to get through security at the airport without ID, 1Password isn't going to connect to just anyone. And the only way for it to be sure of what's at the other end is the well-established digital certificate system. Certainly there are other password managers out there as well, but we've seen the security issues that can arise by storing data in the browser itself (which is a way to get around browser verification). But it obviously isn't something we'd be able to recommend.

    What's all that BS for about matching the code in the browser with the one in 1Password, if it isn't making it secure?

    That's a fair question. Mutual authentication is a security mechanism we added a while back to defend against a specific attack:

    Background for 4.6.1 Security changes

    With the move to Native Messaging, this sort of attack is no longer possible and also authentication can be done automatically by 1Password.

    I'm sorry that you had to spend a lot of time getting Chromium working on your machine, and I can definitely appreciate your frustration when you found that 1Password cannot work there. It may be that this will change in the future, but at this time we don't have any plans to support Chromium in particular, or make it possible to use 1Password with unsigned browsers in general. There are great alternative browsers out there that care about privacy (and offer more stability) without eschewing this important security feature — Vivaldi, Brave, and Firefox, to name a few — and I'd encourage you to try those.

This discussion has been closed.
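
The reply above describes refusing to hand data to a browser whose digital signature cannot be verified. As an added example (not 1Password's code and not part of this thread), here is that kind of policy decision applied to constructed samples shaped like `codesign -dv --verbose=4` output; the allowlist, bundle identifier and Team IDs are placeholders, and `verify_ok` is assumed to come from the exit status of `codesign --verify` on the same bundle.

```python
# Constructed allowlist: bundle identifier -> expected Team ID (placeholders).
TRUSTED = {"com.example.browser": "ABCDE12345"}

# Constructed samples shaped like `codesign -dv --verbose=4 <app>` output.
SIGNED = """Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.browser
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
"""
IMPOSTOR = SIGNED.replace("ABCDE12345", "ZZZZZ99999")  # same name, other signer
ADHOC = """Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.browser
Signature=adhoc
TeamIdentifier=not set
"""
UNSIGNED = "/Applications/Example.app: code object is not signed at all\n"


def parse_codesign(output):
    """Collect key=value fields; Authority repeats, so it is kept as a list."""
    fields = {"Authority": []}
    for line in output.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if key == "Authority":
            fields["Authority"].append(value)
        else:
            fields[key] = value
    return fields


def verdict(verify_ok, output):
    """verify_ok: True when `codesign --verify` exited 0 for the same bundle."""
    if "not signed at all" in output:
        return "reject: unsigned"
    if not verify_ok:
        return "reject: signature invalid"
    f = parse_codesign(output)
    team = f.get("TeamIdentifier", "not set")
    if f.get("Signature") == "adhoc" or team == "not set":
        return "reject: ad hoc signature, no signer identity"
    if f["Authority"][-1:] != ["Apple Root CA"]:
        return "reject: chain not rooted at Apple"
    if TRUSTED.get(f.get("Identifier")) != team:
        return "reject: signer not on allowlist"
    return "accept"
```

An ad hoc signature passes `codesign --verify` while naming no signer, so the check pins the Team ID rather than relying on the verify result alone.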