New login UI for 1Password web
It seems you have changed your login mask for the web login of 1Password families. In times of phishing and other attacks it's unusual to change the login screen without a previous notification. Today morning I was unsure whether the login is really from 1Password. I'm still not sure. Did you changed the login UI?
Regards
Tobias
1Password Version: Web 406
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: 1Password Family
Comments
-
Hey @TobiasAT -- yep! Thanks for checking in with us, we did indeed change the appearance (and to some degree, functionality) of the login screen for 1password.com accounts. But it's still us. :) Part of how you can tell that is a) you're using the same URL you did previously, and b) it's an extended validation (EV) HTTPS cert -- you can tell that by the green bar in your browser. The combination of those two things would make it VERY difficult for an adversary to phish from. However, we're always glad to see users take a skeptical eye towards anything that looks "off" about their security environment. How do you like the new sign in page look? :)
0 -
Just a note. My browser, Firefox, shows the green EV designation with the company name when I go to 1Password.com. It does not show it when I go to https://family_name.1password.com. It just shows the lock icon without the company name.
I don't know enough about EV certificate handling in Firefox to know if this is the expected behavior. Just curious.
0 -
@learning_1pw: This is expected, and should be the same for any browser. The EV certification guidelines do not allow issuance of wildcard EV certificates (e.g. our EV cert covers "1password.com", not "family_name.1password.com", et al). EV certification is valuable for the top level domain because it verifies ownership and control. And because we own and control 1password.com, we also control all the subdomains, which are in turn using our SSL certificate:
You raise a good point, but it's helpful to keep in mind that you or anyone else who is aware of this limitation can always verify the certificate and root. Cheers! :)
0 -
Thanks Brenty. I understand better, now.
0 -
Glad that helped! We're here if you have any other questions. :)
0