Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Enable DNSSEC
1Password domain names are not signed with DNSSEC (at least 1password.com and 1password.eu). Customers are therefore potentially vulnerable to MITM attack. This means that when attempting to access the password manager's online services, an attacker could falsify DNS resolution responses and redirect the client to a fake server. https://internet.nl/site/my.1password.com/3801661 https://internet.nl/site/my.1password.eu/3801663 In addition to the absence of DNSSEC, these links will inform you that certain best practices are missing from your web server configuration.
1password dpkg package should stop creating 1password.list
When installing the 1password .deb file, the post-install script automatically creates a file at /etc/apt/sources.list.d/1password.list. This is irritating and is bad behaviour. Point one: the user did not ask for this file to be created. If you're going to create it, at least ask users if they want it. Point two: I create and manage my sources files centrally; I do this for my personal systems, and I've always done this when I'm managing a fleet of computers. I create names that make sense to me and have the correct details. Unfortunately, every time I update 1password it re-creates `1password.list` and then apt breaks because I now have two files pointing at the same apt repository - yours and mine. Point three: I use the new deb822 .sources file format, because this allows me to keep the Apt configuration and the GPG key in the same file, meaning I only have one file to manage. This makes it easier to manage things centrally, and helps keep from scattering GPG keys all over the servers. 1password needs to either: Just stop doing it (give people instructions like every other website does) Make it optional via e.g. a debconf setting (which the application could theoretically have a UI for, even, if you wanted to get crazy with it) Make the file part of the actual package contents so that admins can dpkg-divert it In the meantime, I created a symlink pointing 1password.list to /dev/null; apt still complains about it but at least nothing breaks.Bi-Directional item linking
Hey, Any updates on bi-directional item linking? Eg, if you link Item A to Item B, then Item B is automatically linked to Item A? It's perfect for a Passport item, you have all the details in there, then you have an attached item with the photo image, you link one to the other, you expect a link back. A login to the NHS, would be nice to link it to a GHIC card item, and to a Patient Access item and to another medical item etc so you can easily jump to similar items that you may need when using one of those. I've suggested this many many years ago (on the old forum). Any sign of it? I do recall a dev saying way back then that it was in the works. Surely it can't take this long? If it's not in the works then why was I told?Android browser whitelisting?
I currently use the Waterfox browser on Android because mainline Firefox is moving in a direction that I don't like (to put it mildly) and while it's mostly fine 1Password doesn't like autofilling in it. Is there a possibility to add the ability of whitelisting custom browsers on Android like on desktops? Or is it possible for Waterfox to be whitelisted?
Fastmail Masked Email feature request
Hello 1Password Team - Could you please add the ability to specify a custom prefix when creating a masked email address in Fastmail? Their API supports it. I like to use prefixes on my aliases since it helps group the type of sender or service (financial, shopping, apps, etc.) to have rules that can label, archive, forward, etc. and would love to specify a prefix during masked email creation. This could alleviate the alternative of using catch all aliases. It would also be a big time saver if you could add creating the masked email addresses to the iOS app. Thank you!
Feature Request - Comment To View Password
Hello, We have recently started to use 1Password and as part of this, there are a threw features it's lacking. On our old password manager, we were able to enable an additional security measure that allowed us to add a comment on why we were viewing the password before seeing this. This was a big help duringing our compliance and security audits and really would be a useful feature to have. Are you able to add something like this? Jason
