iSECPartners password manager survey

The survey is located here.

1Password seems to have the least issues but they still point out some. (although they tested an old version of extension 3.9.19)

— automatic updates in an insecure manner by reaching out to an un-protected endpoint:

— ignored subdomains when comparing origins. That means that a login form encountered on will still be treated as equivalent to a login form encounteredon—violatingthesame-originpolicy.

— None of the examined password managers appear to verify the login page for a remembered password on a given domain. For example, although Vimeo’s login page is hosted at, all of the examined password managers will detect login forms anywhere on the domain.

Would like to hear from the devs what do they think about it and if they're going to fix the issues that are (if any) still relevant.

This discussion has been closed.