Protection from bad URL?
I accidentally entered "op signin example.1pasword.com [email protected]" instead of "example.1password.com" (note typosquatter domain).
I was unable to log in, and when I try to access "1pasword.com" in a web browser, the proxy/malware scanner where I work filters the page and denies access as "malicious site" so I'm hopeful nothing bad happened.
Additionally the tool gave an error message rather than connecting successfully:
[LOG] 2018/09/14 15:22:27 (ERROR) Get https://EXAMPLE.1pasword.com/api/v2/auth/[email protected]/XX/HASHY/HASHHASHHASH: dial tcp XXX.XX.XXX.XXX:443: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Does the command-line tool protect against doing something bad here by checking the server certificate or something? If not did I luck out with my work proxy or something? Or did I just send my master password and secret key to bad guys? I really don't want to go through and change every password in every vault in my family account, revoke all the secret keys, and memorize a new master password, this weekend. :(
1Password Version: CLI 0.5.3
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: Not Provided