Is the 1Password 8 Safari extension safe?

cmeermann · May 2022

Hi!

Safari keeps showing me this warning when I click on the 1Password 8 Safari extension:
"This extension would be able to read and alter web pages and see your browsing history on this website. This could include sensitive information, including passwords, phone numbers and credit cards.

You can change this later in Safari Websites preferences."

This gets me wondering how safe using the extension actually is. I find it hard to believe that 1Password has grown to be spyware in disguise, but I still would like to read an official clarification from the 1Password team on this.

Thanks in advance.
Cheers,
C.

1Password Version: 8.7.0
Extension Version: 2.3.3
OS Version: OS X 12.4

Jack.P_1P · May 2022

Hi @cmeermann:

Thanks for asking, and wanting to be sure. In short, Password for Safari uses those permissions only so it can determine what's on the page, and then modify the page by performing the fill.

You can see more details about the permissions 1Password in the browser requests here: About 1Password browser permissions

Jack

cmeermann · May 2022

Thanks for taking the time to respond. This helps a little. Though at the end of the day, it comes down to me having to trust 1Password to do only what you say - and not more. I will have to consider very thoroughly whether I am willing to do this when my most sensitive data is concerned.

Kind regards,
C.

lysander · May 2022

@cmeermann

Many tens of thousands of us have been using the 1Password extension for years. If there were any security issues it would be evident by now.

Also, 1Paassword is way more useful with the browser extensions.

TimHH · May 2022

@lysander Well, millions of people have been using log4j for years and nobody ever found the log4shell exploit until last year 😉

@cmeermann If you're using 1Password to store sensitive information, you're going to have to trust the company anyway. In other words: why should the Safari extension be any less safe to use than the actual 1Password application? It's just Safari telling you that the extension wants permissions to read from and write to web pages - which it has to do in order to function.

Ben · May 2022

Great questions and points all around. If there are concerns that we're doing what we're supposed to be doing, I'd point to our $1 million bug bounty program: