1Password referenced in Safari address bar

Old_Codger
Community Member
edited June 2015 in Mac

Hi Folks, I've just noticed that when I use 1Password to enter the URL for my bank, the text shown in the address bar of Safari includes what appears to be a reference to 1Password, i.e.

"http://(bank site name)/personal.html?onepasswdfill=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX "
where XX's represent 32 alpha/numeric characters which I haven't replicated here for security.

The URL used by 1Password is "http://(bank site name)/personal.html"

Any ideas? Should I be concerned?

Additional info - a software program called RAPPORT, as recommended by my bank for extra security, shows the site as part of the banking group. (No username or password can be entered on the page accessed; this requires a click on the "Log In" icon, and I must copy & paste usernames etc. to log in, as RAPPORT prevents your fill operation.)


1Password Version: 5.3 (530029)
Extension Version: 4.3.1
OS Version: 10.10.3
Sync Type: iCloud

Comments

  • littlebobbytables
    1Password Alumni

    Hi @Old_Codger,

    Have you installed our 1Password Safari Extension? I suspect you haven't yet but if you were to do so the onepasswdfill section of the URL would be handled correctly. For guidance on how to install a browser extension check out our Installing browser extensions page.

    Why is this happening? When you click on a URL in the main 1Password window, we pass the URL to your default browser, but we need a way to let our browser extension know that you want to not just open this URL but also fill in the login page using this Login item. So we append this parameter to the URL, which the extension recognises and removes before the browser starts to load the page. As you can begin to see, if the browser extension isn't present then the browser doesn't know to strip this bit from the URL. The 32 alphanumeric characters are merely a UUID to correctly identify which Login item is to be used and they don't contain anything that would put your actual login credentials at risk.

    Now if you do have the 1Password Safari Extension installed and this is still happening then I can only guess that this RAPPORT is interfering with our handling. I don't have an answer for you here, I'm afraid, as part of how this program has been designed seems to be to interfere with a certain class of applications and we're being caught up in the middle in the form of collateral damage. I personally don't agree with the approach of forcing people to manually type in a password as that would seem to restrict the likelihood of anybody using a strong password. That's just me of course but I think you'll find a lot of people that agree in these forums.

    We will do our best to work with you to at least find the source if a solution isn't possible (on the possibility that RAPPORT and our good selves can't happily co-exist).
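
The mechanism described in the reply above, as an added JavaScript example that is not part of the original post and is not 1Password's code: it splits a launch URL into the address to load and the Login item identifier, and flags an address that still carries the parameter (the symptom reported in this thread). Only the parameter name `onepasswdfill` and the 32-alphanumeric shape of its value come from the thread; the function names, the `bank.example` host and the sample identifier are assumptions constructed for illustration.

```javascript
// Added illustration, not 1Password's code. Only the parameter name and the
// 32-alphanumeric shape of its value come from the thread; the rest is assumed.
const FILL_PARAM = "onepasswdfill";
const ITEM_ID_RE = /^[A-Za-z0-9]{32}$/;
// Constructed sample identifier (32 characters), not a real item UUID.
const SAMPLE_ID = "0123456789ABCDEF".repeat(2);

// Split a URL handed to the browser into the address that should be loaded
// and the Login item identifier carried in the fill parameter.
function splitFillRequest(rawUrl) {
  const url = new URL(rawUrl);
  const values = url.searchParams.getAll(FILL_PARAM);
  if (values.length === 0) {
    // Ordinary navigation: leave the address exactly as given.
    return { cleanUrl: rawUrl, itemId: null, stripped: false };
  }
  // Remove every occurrence so the parameter never reaches the site,
  // its access logs, or a Referer header sent from the loaded page.
  url.searchParams.delete(FILL_PARAM);
  // Accept only a single well-formed identifier; otherwise load without filling.
  const wellFormed = values.length === 1 && ITEM_ID_RE.test(values[0]);
  return {
    cleanUrl: url.toString(),
    itemId: wellFormed ? values[0] : null,
    stripped: true,
  };
}

// True when a loaded address still shows the parameter, i.e. nothing
// removed it before navigation (the behaviour reported in this thread).
function stillCarriesFillParam(loadedUrl) {
  return new URL(loadedUrl).searchParams.has(FILL_PARAM);
}

// Constructed launch URL with an unrelated parameter and a fragment.
const launch =
  "https://bank.example/personal.html?lang=en&" + FILL_PARAM + "=" + SAMPLE_ID + "#login";
console.log(splitFillRequest(launch));
console.log("unstripped:", stillCarriesFillParam(launch));
```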

  • danco
    Volunteer Moderator

    Unfortunately banks recommend RAPPORT and users, particularly experienced ones, find it causes a lot of trouble. You could Google (Bing? DuckDuckGo?) for RAPPORT to get more information.

  • littlebobbytables
    1Password Alumni

    My bank recommends it too - I just ignore it as I'm not taking IT advice from the RBS :tongue:

  • Old_Codger
    Community Member

    Thanks folks,
    littlebobbytables - I do have 1Password Safari Extension installed so it looks as though RAPPORT is the problem. Just checked by clicking on the URL in the main 1Password browser, having disabled RAPPORT before doing so, and the site loads normally with no reference to your UUID, so I guess that confirms it. This doesn't surprise me as I've had problems with RAPPORT before. Unfortunately, I suspect that if I didn't use RAPPORT and my bank account was hacked the bank would not accept any responsibility. RAPPORT is written by Trusteer Endpoint Protection which was bought by IBM and it has never given good support to Safari. Anyway, many thanks for your response and assurance that the 32 character UUID has no impact on login security, and good luck with any dealings with Trusteer/IBM.

    danco - too true

  • littlebobbytables
    1Password Alumni
    edited June 2015

    Sorry we couldn't give better help on this occasion @Old_Codger but thank you for reporting back and confirming this. I shall pass this knowledge on and maybe we can find a way of working with them (or them us).

    ref: CSI-49

This discussion has been closed.