Warning: Skrill does not permit you to use any password managers including 1Password on their site

Rabestro

Hello,

If you are one of 35m users of Skrill, you must never use 1Password to store your login details and password.
According to Skrill Terms & Conditions (6.5) using 1Password for storing login and password will breach the T&C.

This is officialy confirmed by support of Skrill.

And if "you breach any condition of these Terms of Use" (17.4.1) then the Company "may at any time suspend or terminate your Skrill Account without notice" (17.4).

Skrill is a very popular financial service with more the 35 millions of users worldwide (wikipedia) and if you are a user of this service and you don't want to breach T&C, you must not use 1Password.

---

1Password Version: 4.6.2
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: Dropbox

MikeT

Hi @Rabestro,

Thanks for sharing this with our community.

I've updated your title as it would be a term of condition violation and it applies to all tools, not just 1Password.

Unfortunately, this does not surprise us as many financial service goes overboard with their requirements that does not in fact promote security but discourage it rather.

6.5. Irrespective of whether you are using a public, a shared or your own computer to access your Skrill Account, you must always ensure that your login details are not stored by the browser or cached or otherwise recorded. You should never use any functionality that allows login details or passwords to be stored by the computer you are using. 6.6. Additional products or services you use may have additional security requirements and you must familiarise yourself with those as notified to you.

So, it is not just 1Password, they're saying you can't use any application including your browser to save passwords. I understand why they recommend it (this suggestion is perfect if you're on shared computers and internet cafes but not for private computers) but they can't reasonably expect people to come up with strong unique passwords on their most important accounts and not save it somewhere.

Majority of the problems with forcing people to pick a password they have to remember is that they will tend to reuse it on other sites. So, now if other sites are breached (increasingly common as sites do not encrypt their passwords, they hash it), and they find the password, they can reuse it against Skrill accounts.

It would be nice if they would test and validate password managers to ensure it meets their security requirements since we encrypt your data and requires master password before anyone can get to your data.