Authentic website question.

ronen
ronen
Community Member
edited October 2017 in Mac

A basic question please .
On Safari .
After Google search result for example , A website appear ( When Not using 1 Password direct Login )
When I fill my username and password via Right Mouse click - new window menu ( As in the Pic ..) ,
If the website address is NOT genuine / a fraud website , Will 1Password alert me when filling my details to a danger website ?
Thanks.


1Password Version: 1Password Version 6.8.3 (683004) Mac App Store
Extension Version: 4.6.11
OS Version: 10.13 High Sierra
Sync Type: iCloud

Comments

  • Lars
    Lars
    1Password Alumni

    @ronen -- Yep! When you're first installing a browser extension - ANY major browser, not just Safari - you'll get a pop-up window to authorize the 1Password extension's communication with your 1Password app. 1Password will reject (deny) communication with any process NOT so authorized, so even if you were somehow spoofed, 1Password wouldn't be fooled, since a fake process wouldn't be authorized, and thus 1Password would refuse to communicate.

    1Password will also not fill into websites which don't match the URL you have saved for the login item in question. So, if you have a Google account, and you somehow are socially-engineered to click on a link to a malicious page that looks exactly like Google's real site, the owners of this nefarious site still cannot actually own the Google domain name. So the page may look 100% authentic, but it will have a URL that looks something like https://myaccount.g0ogle.com (or whatever, fake) instead of https://myaccount.google.com (the real thing). A human - you or me - might mistake one for the other if we weren't paying close attention, but 1Password will not be fooled just because a zero looks like an O.

    Having said all that, 1Password doesn't know what sites you WANT to sign into, so if you're tricked into creating an account at the fake Google site, 1Password won't warn you when you go to save that item, because for all it knows, you DO want to create an account at https://myaccount.g0ogle.com -- that's why we say that security is a process, not a product. 1Password is an excellent tool to help you stay safe online, but the best and final line of defense against the web's many miscreants is your ongoing vigilance and comprehensive security best practices. Stay safe out there! :)

  • ronen
    ronen
    Community Member

    Thank you very much for your well explained reply !

  • Lars
    Lars
    1Password Alumni

    @ronen - you're quite welcome! :)

This discussion has been closed.