1Password Launches Anti-Phishing Warnings for Pasted Passwords

[MacRumors]

Popular password management app 1Password today announced the launch of a new phishing protection feature that's meant to "act as a second pair of eyes" before users provide their passwords to scammers.

1Password will not autofill a username and password on a website that is spoofing another as one layer of protection, but users can get around that by manually retrieving their usernames and passwords.

To add further protection, when a user attempts to paste their username and password into a website, the 1Password browser extension will display a pop-up warning that prompts them to pause and use caution before continuing. 1Password hopes that the warning will cause users to take a second, more careful look at the website before proceeding.

The phishing protection feature will be turned on by default for individual and family plan users, while 1Password Admins can turn it on for employees. The protection is rolling out starting today.

Pricing for 1Password starts at $2.99 per month for an individual user.

Article Link: 1Password Launches Anti-Phishing Warnings for Pasted Passwords

 

[Howard2k]

Should be using passkeys, no passwords. Ideally with a pair of Yubikey or similar.

 

[Mr. Heckles]

Should be using passkeys, no passwords. Ideally with a pair of Yubikey or similar.

Only a few of the websites I use lets me use passkeys.
Passwords aren’t going anywhere anytime soon.

 

[ifxf]

Should be using passkeys, no passwords. Ideally with a pair of Yubikey or

Why doesn’t Apple support passkeys with its websites?

 

[Howard2k]

Apple does support passkeys.

Why doesn’t Apple support passkeys with its websites?

I'm not sure about every single Apple website, but Apple certainly does support passkey for your Apple ID. I use a Passkey to secure my primary Apple, Google, Microsoft accounts. Others when I can too.

Yeah it's not everywhere, and it's not perfect, but it's better than passwords for phishing resistance.

 

[Howard2k]

Only a few of the websites I use lets me use passkeys.
Passwords aren’t going anywhere anytime soon.

For sure. I don't know how difficult the back end implementation is but it's getting more common every day. You're right though, there will always be websites that don't support passkeys.

 

[jeroenvip]

Maybe a stupid question, but if the auto fill is not popping up to fill the password. It does make sense you never visited that website anyway so you check it right ?

 

[Abydos]

If my 'business email" (one given out to companies which request an email address) is indicative of the scope of the phishing problem, I receive approximately 3 phishing emails a day (some quite well crafted some not so well crafted) - then precautions are wise

 

[Digital Dude]

I’ve been using 1Password since their beginning and have stayed with it ever since. I’ve had no regrets, as it’s been solid, reliable, and does exactly what I need. Passkeys, however, have been somewhat incompatible for me, largely because I use multiple operating systems. The phishing feature isn’t really new either; it is just a different spin on their existing validation scheme. 🤷‍♂️

 

[bviktor]

Oooh, cool, Bitwarden had this for years. And it's free. And it even has a self-hosted option.

I really don't understand why people keep hyping up 1Password and Lastpass. Bitwarden gives you all the essentials for free that the others charge for.

 

[Quu]

The UI for this feature could be a lot better.

 

[Deacon-Blues]

Doesn’t Apple’s Passwords app do this as well?

 

[xpxp2002]

Oooh, cool, Bitwarden had this for years. And it's free. And it even has a self-hosted option.

I really don't understand why people keep hyping up 1Password and Lastpass. Bitwarden gives you all the essentials for free that the others charge for.

Having used both, the UI and ease of use are worlds better with 1Password.

 

[TheStof]

Maybe a stupid question, but if the auto fill is not popping up to fill the password. It does make sense you never visited that website anyway so you check it right ?

Exactly right. If you go to app1e.com (instead of apple.com) and your credentials aren't filling out automatically or even popping up as a match in the browser extension for the site, that should be a natural red flag. That makes a lot of sense too. You don't have any credentials on the fake website app1e.com so your password manager doesn't have the credentials for it.

 

[eduardodfj]

I stopped using 1Password when they switched to subscription-only. There is value in the app (and I'd gladly pay for it) but nothing whatsoever in a monthly payment. Enpass has been great ever since and I still have all the features, including syncing via several options (iCloud, wifi-only, etc.)

 

[Demigod Mac]

I regrettably left 1Password after they went cloud + subscription only. EnPass has been a pretty good substitute; it functions much like the classic 1Password and they offer a lifetime license option.

 

[Artemis70]

Oooh, cool, Bitwarden had this for years. And it's free. And it even has a self-hosted option.

I really don't understand why people keep hyping up 1Password and Lastpass. Bitwarden gives you all the essentials for free that the others charge for.

Nothing is free. Bitwarden incurs cost for their basic hosted plan. What value are users providing to them such that they can make money to at least cover their cost?

Btw, in my case I would want the family plan. That is not free and priced similar to competitors.

 

[Runaway Train]

1PWD here for years - very solid. Subscription? As a fundamental part off my security strategy $50 / year or thereabouts is mouse nuts. MFA (avoid mob phone where possible) + Yubikeys for the critical ones that support it.

 

[MacHeritage]

That's nice but I won't use them anymore since they killed local vaults and went subscription only. 1P7 for life or Strongbox for me. I don't do subscriptions for an app like this and I don't want any vaults going over the Internet.

 

[ducknalddon]

I was happy with the subscription but dropped it when they started using Electron. I have enough bloated apps already.

 

[scottishwildcat]

Oooh, cool, Bitwarden had this for years. And it's free. And it even has a self-hosted option.

I really don't understand why people keep hyping up 1Password and Lastpass. Bitwarden gives you all the essentials for free that the others charge for.

Even if the feature sets were identical, which they aren't, I'd pay just to avoid BitWarden's truly appalling UX.

 

[paulrudy]

or Strongbox for me

I was a fan of Strongbox until 1) it turned out they were touting being open-source while not being fully open-source and 2) they got acquired by Applause, the same group that acquired Bartender in a kind of shady, hush-hush way.

 

[svish]

Useful feature. However don't think I will shift and happy with Apple Passwords app. Would like to see a one time purchase option for 1Password.

 

[LordArchie]

I’m likely what you would consider a power user of 1Password. After hearing the hype on Bitwarden, I paid a year sub to see what the fuss was about.

What a mess of a UI, it looks like the old windows days, so many missing features of 1Password.

No tags
No location aware entries
No travel vault
No expiration date monitoring
No passkey monitoring
Limited templates

It’s the little “niceties” of 1Password that’s make it worth it. The tags are likely the biggest miss, I was over on Reddit and they are suggesting workarounds like emoji in the item name, adding custom fields to help locate items.

If 1PW went away, my next choice would be Proton Pass. They are adding functionality regularly, not near 1PW yet but I feel they have passed Bitwarden and their UI is so much better

 

[coolfactor]

Should be using passkeys, no passwords. Ideally with a pair of Yubikey or similar.

Isn't "1Password" just the most unfortunate name, as it's a very bad practice to have a single password for multiple logins.