Forum Discussion
Community Manager1Password now available in Comet, the AI-powered browser by Perplexity
Hi all, thanks for raising these questions and sharing your concerns.
At 1Password, our guiding principles are privacy, security, and transparency, and ensuring people can use the tools they choose safely. We know AI and new browsing technologies raise important questions, which is why our role is to give people choice without compromising trust.
To clarify a few points about our partnership with Perplexity on the Comet browser:
- Your data remains private. Nothing about this partnership changes how 1Password works. Vaults are end-to-end encrypted, and neither Perplexity nor Comet has access to your information. Your secrets remain encrypted and never leave your control.
- The extension is the same. The 1Password browser extension works in Comet exactly as it does in Chrome, Safari, Firefox, and other Chromium-based browsers. There is no special integration that exposes additional data.
- This is about choice. Our customers want us to be where they are. For those who want to try Comet, we are ensuring their login and autofill experience is secure, just as it is in other browsers.
We take trust seriously and will continue to make decisions with privacy, transparency, and security at the core.
- Your data remains private. Nothing about this partnership changes how 1Password works. Vaults are end-to-end encrypted, and neither Perplexity nor Comet has access to your information. Your secrets remain encrypted and never leave your control.
Community ManagerHey OverSurge! Thanks for flagging this. I just checked on my end and the Perplexity site’s certificate looks valid, and I haven’t seen other reports of an issue so far.
Could you let us know which browser (and browser version) you’re using, and if you're seeing same thing in any other browser?
Interesting. My Edge browser Version 140.0.3485.66 (Official build) (64-bit) and Chrome Version 140.0.7339.128 (Official Build) (64-bit) are both reflecting the certificate as invalid.
I am on my corporate laptop with additional security measures in place, so it could be something related to that, but I haven't seen this before with other websites.
Attackers might be trying to steal your information from www.perplexity.ai (for example, passwords, messages, or credit cards). ERR_CERT_AUTHORITY_INVALID
That's ... odd. Hitting www.perplexity.ai, not on a corporate intranet, I'm seeing a Let's Encrypt cert.
I just talked to my security and network team and have learned that we are migrating to a new firewall provider and that is our device that is issuing the internal certificate. They are looking at this on our side. My apologies for triggering an invalid concern.
- 1P_Blake
Ah, that makes total sense. No worries at all — glad you were able to get to the bottom of it! Thanks for circling back to let us know. 🙂
I see what's going on. Their certificate is issued by FG181FTK25900273, which is a Fortinet device. Fortinet firewalls often perform SSL deep packet inspection by intercepting HTTPS traffic and re-signing it with their own internal CA. My corporate browser doesn't explicitly trust the Fortinet CA, thus it will flag the certificate as untrusted or invalid. As a result, any certificate signed by it (like the one for perplexity.ai) is considered self-signed or untrusted. Our corporate policies are seeing this as a self-signed certificate and won't trust it. It also flags it as risk of man in the middle attack.
