Forum Discussion

New Contributor

9 months ago

1Password Extension Hijack

I recently watched a video (see link below) where an unassuming Chrome extension could mimic the 1Password extension. It temporarily disabled the extension, changed its appearance to look like 1Passw...

browser extension

keithm1p

New Contributor

9 months ago

Yup, watched that YT video on this as well. I can't help to think that this is just sneaky enough to fool even experienced users. While I don't think I've seen this before with 1P, new versions of other extensions do sometimes force a clearing of cached credentials, logout, and prompt you enter them again.

I don't use Chromium-based browsers, but many do. We shouldn't be so quick to dismiss as to "Not 1P's problem" though. The browser plug-in ecosystem is where 1P lives --- that's where it's useful, and without that, I probably wouldn't be a subscriber. If there are adjacent risks, or threats within that same system, it would be foolhardy to not at least investigate and remediate. And maybe 1P has already looked into it -- and would be interested as well to hear what's being done.

Forum Discussion

1Password Extension Hijack

Featured discussions

November at 1Password: the Access-Trust gap, planning your estate, and an updated unlock experience

Recent discussions

Feature Request: Passkey export support

Unable to update 1pw on Win 11 since 1st install: have to do full reinstall every time

1Password quits unexpectedly on both Windows 10 and Windows 11

1Password 8.11.22 not available for Chrome and Firefox

Date format is incorrect in 1Password for iOS