How secure is the Chrome Extension?
How secure is the Chrome extension? I feel a little anxious about using it at times. It seems so intrusive. It's the 1Password X - Password Manager extension.
1Password Version: 7.2.2
Extension Version: 1.13
OS Version: 10.14.1
Sync Type: Dropbox; 1Password Account
Referrer: forum-search:How trustworthy is Chrome extension?
Comments
-
Hey there @confischer.
Thanks for reaching out and thank you for your concern. ❤️I'm happy to share a little info and hopefully ease your mind in doing so. 1Password X does use the same security model as your 1Password.com account. In both, your data is encrypted using strong, end-to-end encryption, ensuring that the only way to access your important data in a meaningful way is to use the correct Key. Your Key is created locally, consists of 128 bits of entropy, and is never sent to our servers. So even if an attacker managed to break into our servers and steal a copy of the data (which is unlikely due to the protections our awesome developers have implemented to prevent this from happening), it would be infeasible for them to launch a password guessing brute force attack against you, regardless of how strong your Master Password is.
If you'd like to learn more about the 1Password security model and 1Password X security, we have some great support articles that might help:
support.1password.com | About 1Password X security
support.1password.com | About the 1Password security modelThat being said, I'd like to know what it is about 1Password X that feels intrusive to you or makes you feel anxious. We want our users to feel as comfortable as possible, so if there's something we can change to alleviate your anxiety when using 1Password X, we'd love to do so.
0 -
Thank you so much for your response. It really does make me feel better. I think what worried me was that I wasn't 100% certain that it was Agilebits and 1Password managing the data. It looks like it's the Chrome browser asking to save the login information and not 1Password. I trust 1Password, I'm not as secure about Chrome. That probably sounds really silly since the two are merged and working together. :)
0 -
And another benefit that using a browser extension has over copy and paste (apart from being more convenient) is that it bypasses the clipboard, which can prevent even poorly-coded non-malicious apps from capturing your login credentials. While there are certainly risks, they're the same you face any time your system is compromised. So you're no worse off in that sense, in addition to making it easier for you to be safe online when you're practicing good security hygiene to keep your system as a whole safe to use. :)
We do always recommend disabling the browser's password management though:
https://support.1password.com/disable-browser-password-manager/
Since it often squirts information into webpages without asking, it can be a privacy risk; 1Password will only fill when and where you tell it to. Also I find it's super confusing to try to keep track of where things are saved, so keeping them only in 1Password is secure and good for my sanity. And finally, if you do ever need to export data, that's much easier with 1Password too. Cheers! :)
0 -
Hey @confischer,
I wanted to add that 1Password X can completely disable Chrome's password manager so you don't accidentally save passwords with it. Right click on the 1Password X icon in your toolbar and choose Settings, then enable "Make 1Password X default password manager."
Cheers,
Mitch0 -
Thank you all so much. Thanks especially for the "Make 1Password X default password manager" tip. I've been using 1Password since 2014 and I am very happy with it!
0 -
Thank you, @confischer! I passed your kind words along to the entire team. ❤️
0