1Password opting out of App Transport Security in iOS 9?

pomme4moi
pomme4moi
Community Member

The attached blog article says 1P is opting out. True?

https://www.dzombak.com/blog/2015/09/Nobody-is-using-App-Transport-Security--what-s-next-.html


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hi @pomme4moi,

    Yes. Because of 1Browser we will have to opt out, however we will be adding exemptions for servers we routinely contact (our image server and such) in 1Password for iOS 6.1.

    Thanks!

    Ben

  • doetraar
    doetraar
    Community Member

    Is there no way that ATS can be toggle-able by the user? In other words, if I wanted to make sure that 1Browser wouldn't let me connect to insecure sites and use my 1P stored data? May not be possible by how Apple implemented it, but, I'd personally like to ensure that I never connected to anything via 1Password that might create unnecessary risk, and anything that doesn't pass ATS checks would create that risk.

  • AGAlumB
    AGAlumB
    1Password Alumni

    In other words, if I wanted to make sure that 1Browser wouldn't let me connect to insecure sites and use my 1P stored data?

    @doetraar: This is actually a feature that is built into 1Password which we get complaints about: 1Password simply won't fill a Login item from a secure site into an insecure login form, and it will only offer you Login items that match the current URL. The same goes for sites with invalid certificates or untrusted certificate authorities. I hope this helps! :)

This discussion has been closed.