Using 1PW on a public wifi
I think I know the answer to this, but I just want to make sure. If I'm at Starbucks, for example, and I log into my bank by hand typing my username and password, it's quite possible for someone to be using that same wifi system to get my account information. I assume that the same thing is true by using 1PW? Once I tap the link, that information can become available to anyone trying to steal it?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @RCMjr :)
Good question! There is a difference between simply intercepting traffic (simple) and getting to the clear text of the intercepted traffic (harder), as all traffic to our servers is encrypted through TLS/SSL. In addition to this, we use SRP which, in simple terms, is a protocol that allows two parties who know what the password is, to authenticate a client without actually sending the password itself over the network. Take a look at our security page for some more information about this.
However, as usual when it comes to untrusted networks, this recommendation still stands: use a VPN for good measure. Every additional barrier to put between you and a potential attacker is very welcome ;)
0 -
Thanks.
0 -
OK, use a VPN. Norton's is $30 and there are many others. But why not build one into "secure" browsing on 1Password? Cut to chase, we tend (ha! as if not about totally) to trust Agilebits, so we would trust their VPN. And a natural place to open a private session is inside 1Password. Larger delays and lesser bandwidth would be but a small price for peace of mind touching risky sites, buying stuff or updating a personal website, say from Tasmania when your home WiFi is back in Tacoma! So why not offer that as an option or even a standard with the 1Password license? But here is a divergent question, who needs VPN except for anti-tracking (which, granted, is a valid issue)? Any monetary transaction these days with a legit vendor is SSL protected, and you can turn on TSL with most any mail host. Banking or credit card purchasing should already be no different in a bar in Koani than it is in your den at home on your own cable router. Just make sure the padlock is there and the cert is recognized.
0 -
Hi @KeithK,
who needs VPN except for anti-tracking
Certainly there are a number of VPN providers out there where the offering is geared toward keeping you semi-anonymous or protecting traffic on unsecured networks. But the primary purpose of VPNs, I'd wager, is actually to remotely access network resources securely. Many businesses have VPNs so that remote workers, or even satellite offices, can access their corporate network and the resources on them.
So why not offer that as an option or even a standard with the 1Password license?
Because:
1) We aren't in the VPN business and there are already lots of companies that are. It is a crowded marketplace. We wouldn't be able to compete.
2) Time we'd spend on building a VPN service would be taking away time we'd spend on 1Password. I don't imagine the majority of our customers want that, and neither do we.
3) If we were going to bundle it with 1Password we'd have to raise the cost of 1Password to cover the development, documentation, marketing, customer service, technical support, ... etc expenses associated with doing so. Again I can't imagine that most customers would want this.There is certainly a time and a place to use a VPN, but there are already a lot of great options out there. At this stage of the game I don't see us entering that market.
Ben
0 -
SurfEasy is now built into Opera now so I suppose you could use Opera and get a VPN as well?
There is also a standalone free version in the Apple App Store.
0 -
@wkleem: Opera VPN is easy and convenient, but it also does much less than a traditional VPN — to the point where some would argue that it isn't really a VPN, but rather a proxy. I don't really want to get into that, but another concern is that Opera is now owned by a Chinese company. Not that there's anything wrong with that in and of itself, but the Chinese government is fairly notorious for tracking and censorship, so it's something one should bear in mind when using software or services from a Chinese company since it may be subject to government entanglement. And apart from that, I think there's a good case to be made for paying for a service like this, since if we aren't, often we are the product that is being sold. This is the internet, after all. Since any VPN can protect us from local sniffing, ultimately it's the company providing the endpoint that we need to trust. And I'm much more comfortable relying on a company that I have a customer relationship with than one where the arrangement is less clear.
0 -
Opera is now owned by a Chinese company and I don't trust them.
Here is a site that compares VPN's
https://thatoneprivacysite.net/vpn-comparison-chart/0 -
@prime: I still use Opera sometimes (mainly on slower machines), but I think that's understandable. I do long for the "old Opera" of days long past though. :crazy:
And thank you, that is one mother of a VPN comparison! I actually wasn't sure of what some of the criteria were referring to, but the glossary was really helpful. :)
0
