Browser extension security

Hey @Arnaud68! Happy New Year! I see you read the tech press pretty frequently; nice catch! The (short) answer to your question is yes: you can continue to use the 1Password browser extension because the way we developed our own extension is not vulnerable to the type of attacks described here. We've actually got a blog post from our Chief Defender Against the Dark Arts, Jeff Goldberg, going up shortly to address this in greater detail, but for now, here's the short story:

The scripts that attempt this password manager-scraping are from Adthink (audience insights) and OnAudience (behavioralengine). 1Password's browser extension is not vulnerable to them because we have never allowed what's known as "automatic auto-fill" (as opposed to "manual auto-fill"). What's the difference? In 1Password, there is not and never has been a way to type in a URL to your browser and have 1Password fill and submit the login form without any further interaction with you, the user. That's manual auto-fill. Automatic auto-fill would be if we allowed that type of automation. Some password managers do allow this, and we've gotten many requests for it from users over the course of time. While we're waiting for Jeff's blog article to be published (should be later today), here's something he wrote on this forum in 2014 to people requesting that feature (automatic auto-fill), explaining why we don't do it and likely will never do it:

https://discussions.agilebits.com/discussion/comment/153916/#Comment_153916

By the way, our blog is located at https://blog.agilebits.com -- I still don't see Jeff's post on this topic up yet, but check back later this afternoon for the full run-down. And of course, feel free to ask any questions here, should you have any. Thanks for the question!