1Password warning: This is an unsecured HTTP page

gkgriffith
gkgriffith
Community Member
edited January 2015 in Mac

"1Password warning: This is an unsecured HTTP page, and any information you submit can potentially be seen and changed by others. This Login was originally saved on a secure (HTTPS) page.

Do you still wish to fill this login?"

I am increasingly getting this warning when using the "Fill Login on current webpage" keyboard shortcut to attempt to login to a secure site. I am receiving the warning more often and for sites where I did not previously receive it.

If I attempt to login from the 1P browser plug-in or 1P mini I get the same result. If, however, I use the main 1P app and click on "open and fill" from the "website" entry for the site I want to unlock, I don't get the 1P warning.

I believe this issue was touched on in a different discussion, but it seemed the issue was not resolved and instead went off in a different direction.

Thanks for any help/advice!

Comments

  • Hi @gkgriffith,

    A website address begins with either "http" or "https". The "s" at the end of https indicates that the webpage uses a secure connection. That warning is telling you that when you saved the login for that site, it was a secure login page (https), but the page you're trying to fill is not secure (http).

    Some sites don't force the https connection, and will allow login on http pages as well. By using "open and fill", you are opening the https page.

    Please let us know if you have any other questions. We're always happy to help!

  • JENZ
    JENZ
    Community Member

    Is there a way to turn this warning off? I am finding it a nuisance, and would rather not see it.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Sorry @JENZ but this particular warning is not configurable.

    If you felt strongly enough about it you could manually edit the Login items and change the https to http.

    What I would hope you realise though is when you see this and ignore it your username and password are being sent in plaintext over the internet as http is not encrypted or secure at all. It would be a bit like yelling your PIN for your bankcard to a friend in the pub and yes, I've heard of people doing that. If a site has an https page it's really in your best interests to use it, heck even Google use https for searching!

    I realise it's probably not what you wanted to hear but if you really want to you know how to stop the warning message as you come across it.

  • carloglesby
    carloglesby
    Community Member

    "1Password warning: This is an unsecured HTTP page, and any information you submit can potentially be seen and changed by others. This Login was originally saved on a secure (HTTPS) page.
    Do you still wish to fill this login?"

    I received that massage when i log in to ted.com, is it safe ???

  • Stephen_C
    Stephen_C
    Community Member

    @carloglesby@mac.com please see the explanations above by JasperP and littlebobbytables which explain:

    1. why you're seeing the warning; and
    2. why you might need to be concerned about it.

    Stephen

  • Megan
    Megan
    1Password Alumni

    Hi @carloglesby ,

    (First of all, I've edited your username to remove the domain part of your email address - this should make it easier for you to get notifications via the forum here. If you would prefer a different username, please let me know!)

    Please let me know if you have any further questions after reading the comments by Jasper and littlebobbytables above.

This discussion has been closed.