"1password and secure wallet requires new permissions" -> chrome warning

7dy4ru9
7dy4ru9
Community Member
edited April 2017 in Mac

The attached warning popped in Chrome version 57.0.2987.133 this morning, from the browser extension icon. No warnings in FF or Safari. (I use it regularly on all 3 browsers).

Can't find any thing referring to any changes/updates that might have triggered it. Any idea why this is this popping up today?


1Password Version: 6.6.4 (664002)
Extension Version: Not Provided
OS Version: OS X 10.12.4
Sync Type: icloud

Comments

  • 7dy4ru9
    7dy4ru9
    Community Member

    The extension version is 6.6.4, via App store, updated on April 2. Warning didn't pop up until today.

  • _42_
    _42_
    Community Member

    I also have this issue and I am surprised not to see Agile Bits reach out about it.

  • netnothing
    netnothing
    Community Member

    I'm running the non-MAS version and received the notice today.

    1Password 6
    Version 6.6.4 (664001)
    AgileBits Store

    -Kevin

  • Thanks for checking with us.

    In this case, this is normal and expected. We released a new version of our extension and this is due to that. We're working on adding a new communication mechanism between the extension and our app and this required adding the request for that permission in the extension. This in turn requires that Chrome ask that you re-confirm that you're ok with the extension.

    Cheers.

    Rick

  • _42_
    _42_
    Community Member
    edited April 2017

    Rick, thanks for the update. What's the reason for the new "Read and change all your data on the websites you visit" permission?

  • ag_kevin
    edited April 2017

    Hi @_42_ ,

    The extension must be able to read the page to determine where the username and password fields are. And likewise, to be able to fill them in, it must be able to change the data. Basically, when filling, it's changing the value of the username and password fields.

    Note, the permission is not new. The extension has always required that permission. The requirement to ask for it is the new part.

    Cheers,
    Kevin

  • 7dy4ru9
    7dy4ru9
    Community Member

    And chrome has recently made some changes that now require this formal ask, is that correct?

  • crsouser
    crsouser
    Community Member

    @ag_kevin So how much of my browser information / history gets sent to AgileBits if you are reading all data on the page.. and how can we specifically disable it so we can simply have the Mini version and manually look it up instead or limit it to just the URL?

  • @7dy4ru9 , that is correct.

    @crsouser absolutely none of your browser information/history is ever sent to AgileBits. The permission is for the 1Password browser extension only; and not sent to AgileBits.

    This is how it works:

    1. The extension reads the web page to determine where the username and password fields are. This is why it needs read permission.
    2. The extension asks for the username and password from 1Password mini (part of the 1Password application) for that page alone. 1Password mini then responds with the username and password. It never sends that information to AgileBits. 1Password mini can not even reach out to read the page - it only responds to requests from the extension for that page URL.
    3. When 1Password mini responds with the username and password for that page, the extension fills in the username and password fields. This is why it needs write permission.

    So to answer your question on how to disable it and simply have the Mini version manually look it up and limit it to just the URL, it already works that way.

    I hope that clears it up. If you have any further questions, please reply.

    Regards,
    Kevin

  • 7dy4ru9
    7dy4ru9
    Community Member

    Thx for quick response and explanation, as per usual.

  • @7dy4ru9,

    No problem. Let us know if you have any additional questions.

    Rudy

  • sjk
    sjk
    1Password Alumni

    Greetings, everyone!

    Wanted to mention that we've posted an official announcement about this extension update over in the Saving and Filling category on the forum:

    Extension disabled in Chrome or Chromium-based browser and asking for new permissions

    It also refers to this support page:

    1Password extension is disabled in Chrome and "requires new permissions"

    Cheers! :)

  • commking
    commking
    Community Member

    When Chrome popped this access request at me, unannounced and unexpected, naturally I was cautious and suspected a scam or hack. A bit of warning next time would be appreciated.

    Having said that love the product and have no regrets buying it.

  • Since it's a browser-level thing, warning folks about this isn't quite possible on our end. I agree it would have been nice to make the transition smoother, but a knowledge base article was the best we could do with this one :)

  • Robak
    Robak
    Community Member

    I have used 1Password without any problems for over a year.

    However, yesterday I had a problem: the sudden need to give Chrome additional permission to share information of all my web pages. On this forum I found an answer for the it. I was reassured that it is bona fide and gave the required confirmation, and then it was possible again to open 1Password from my Chrome browser.

    I assumed that was that. But today again I cannot find the 1Password icon in my browser, and Chrome does not give any other suggestion (no orange hint). Please advise what to do now.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Robak: I'm not sure what could have happened with Chrome in your case, but at the very least you can install the 1Password extension from the AgileBits website and you should be good to go. Cheers! :)

  • Robak
    Robak
    Community Member

    Thanks, Brently, that worked!

  • AGAlumB
    AGAlumB
    1Password Alumni

    Excellent! Thanks for the update. You are most welcome! It sounds like you should be all set, but don't hesitate to reach out if we can be of further assistance. We're always here to help! :)

This discussion has been closed.