I am getting a message this morning "1Password requires authorization to work with Safari.."
It also say, "Click Authorize if the code below..."
1Password Version: 6.3.4
Extension Version: Help does not work
OS Version: Sierra 10.12
Sync Type: iCloud
Referrer: forum-search:New Message "from" 1PW
Comments
-
Where would I find that code in Safari? And I never got a message like that, why now?
0 -
As to why now, it's a security feature introduced with the recent upgrade to version 6.3.4.
As to finding the code, I will leave that to someone else, since for me it just came up when I tried to use 1PW after the upgrade
0 -
Hi @genec123,
I'm sorry for any confusion about the new extension authorization prompt! As danco mentioned, that's a new feature we just added, which is why you haven't seen it before.
At the same time the message (from your screenshot) appeared, a new tab or window should have opened in Safari with a code that should match the other one. If you don't see that in Safari, please make sure you check all of your open browser windows/tabs. If you find the one with the code, and if it matches, click the Authorize button.
If you don't see that in Safari, click Cancel on the message from 1Password, then quit & restart Safari. The window with the code should automatically open after a moment. But if for some reason it still doesn't appear, please let us know. Thanks! :)
0 -
Thanks
0 -
I think it is inexcusable that a company selling security, would introduce a feature without letting users know that it was legitimate. I refused to authorize, and went to your site. No mention of this new feature.
This would be a great hook for a hacker to access my data! Please change you front page to alert your customers!
0 -
I am unable to make this work. I see the browser window that tells me to compare, but 1Password mini doesn't open, despite uninstalling, reinstalling and restarting Safari. This is super frustrating.
0 -
Same problem. I installed from Mac App Store and there is no version 6.3.5. This is super annoying!
0 -
@vplewis That may be so, but I did not get a notification back then either. When software I have used for over 7 years starts behaving differently, I question if the authorization is legit or a way for someone to game my OS. I think it is great that there is extra security, but let me know.
0 -
I agree that this should have been communicated. Should have been a popup that came up when the software loaded the initial time after update. Also, an email should have been sent as well. My wife had mentioned getting a security popup message this AM but never got around to checking it out yet. But, it just happened to me on mine and now I know what she is talking about ;).
0 -
This would be a great hook for a hacker to access my data!
@jueker: The opposite is true. The new mutual authentication improves security to prevent impostors from connecting to 1Password.
@imt: As vplewis pointed out, this was described in the opening paragraph of the release notes for 6.3.4, which is shown with the update:
But certainly not everyone looks at that when its presented, so we've made some changes in yesterday's 6.3.5 update to compensate for some 3rd party software interactions and also improve the visibility and clarity of the authentication (along with a link for more details):
We've listened to feedback and expedited this update, which should help a lot of people who have had difficulty either using the feature itself or understanding the change. And we're open to more feedback if anyone thinks there are other ways we can improve this security feature for everyone. Thanks for the constructive criticism, and my apologies to those for whom this change was a hardship initially. :(
@scottelkin: Please update to 6.3.5, restart your Mac, and let us know if you encounter any further issues. We're here for you! :)
0 -
You are looking at this from the wrong perspective. Yes, this fix makes 1password stronger. Many don't read the release notes. Actually, I had no idea 1Password was in updated in the 1st place. The part you are overlooking is that your customers have taken the steps to use the product to secure their data and are keenly aware of nefarious attempts online to steal people data. One of these happens to be Phishing scams. When the usage of software changes, without notice, it puts up red flags and the instinct is not to trust it. This is a major change to what ALL users are accustomed to seeing.
As I stated in the previous post, my wife questioned it right from the start. How is one supposed to know that this isn't a fake dialog that may lead to data being compromised. How is one supposed to know the link you added is real? You need to look at things from that perspective. As your users are keenly aware, any dialog, site, email, etc can be made to "appear" legitimate but be something more sinister. When it popped up on my screen I recalled that convo from this AM about some popup from 1password my wife mentioned. I then did a search online and came to this forum topic. Personally, I would't click on the link, since I wouldn't trust it (sorry you got me trained not to trust anything suspicious).
Maybe instead of a link, you state to open the 1password application for further details on the change presented above. Then once a user opens the application itself, a dialog is presented with a screenshot like you have above and a description. Users have to check the box to advance, which eliminates that dialog from being presented on future launches of the 1Password application. Also, can't you add a blurb on the security code page, that pops up in the browser, that would mimic the one on the Mini that could instruct users to launch the 1Password App for details as well?
0 -
I would have to agree, the rollout of this new feature was poorly handled.
0 -
I've purchased 1Password through the App Store, and I can't update to 6.3.5 yet. Do you know when we can expect that version to be updated?
0 -
Hi @scottelkin,
I noticed you posted about the problem in a couple different threads, so I merged them together into this discussion to avoid confusion. I hope you don't mind!
Same problem. I installed from Mac App Store and there is no version 6.3.5. This is super annoying!
As Rudy mentioned above, we've submitted 6.3.5 to the Mac App Store, but it needs to go through Apple's review process. We're hoping that happens shortly, but unfortunately it's not under our control and we don't know exactly when the review will be completed.
If you don't want to wait, you can switch to the AgileBits Store version by following the steps here: How to switch to the version of 1Password from the AgileBits website
Please let us know if you have any questions about that or need more help. We're here for you! :)
0 -
@imt: I'm not sure it's fair to say that my perspective is "wrong" just because it's different from yours. Frankly, I think we all benefit from a free exchange of ideas. Many people's expectations and use cases are different, after all. And you raise some great points, so I think it would be unfortunate for all of us if your perspective was dismissed out of hand. Getting back to that, first and foremost, the link goes to a secure page on the 1Password support site. So you can't get much more official than that...but we're already working to take it a step further. It may not be something that many people will notice, but I did and I'm betting you may as well: support.1password.com doesn't benefit from our EV cert, so we're working to deploy it so you'll get a green "AgileBits, Inc." in your browser in addition to the encryption. I'm not sure there's more that we can do than that though, because you can already verify that 1) the window you're seeing that message in belongs to 1Password for Mac and 2) 1Password for Mac itself is signed by AgileBits, Inc. But if you have any other suggestions, please let me know! :)
0
