Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
New exploit
I just read about this exploit which seems like it could trick 1Password due to the url trick: https://x.com/nicksdjohnson/status/1912439023982834120?s=46&t=AJ8QxRZyw0qhDN040YYHYg Be careful everyb...
Really? ๐ In that case I am sorry, of course. The wording seemed off to me and they posted a link with 3 "s" in it. So I assumed it was a scam. If that is not the case, I apologize, of course.
I also didn't mean the exploit could target 1Password users in the sense that it could imitate 1Password but in the sense that it could trick the autofill feature which I (and I assume most people) also use as a URL checker.
No apology needed, danitoโ, and thanks for vouching for my fleshy mortality, 1P_Blakeโ. This is far from the first time I've been mistaken for a bot, dating back long before the current generation of capable LLMs.
As for my possible misunderstanding or misrepresentation in an attempt to summarise the details relevant to 1Password, I'd be glad to have it corrected.
The three "s"s are used in a classic example of a typo squatting domain (with each domain I mentioned linked to the registrar currently sitting on it), since a sophisticated phish which does not require user-created content in the same legitimate domain could use such a domain. As much as 1Password provides strong protection against credential harvesting, this remains a productive method.
Beep, boop, and - if I may be so bold - beep.
๐ Thanks for the clarification!
