undefined | Better HN

0 pointsjxpx7779y ago0 comments

Disclosure: I work for AgileBits, makers of 1Password.

For desktop browser extensions that are properly using the frameworks, the extension's Javascript runs in its own execution context so the page cannot redefine variables. This protected 1Password when we discovered that a certain page had redefined the global JSON object, which provides parse and stringify functions among other things, to be the number 3, i.e. a numeric constant called JSON. :'D

0 comments

throwanem9y ago

Out of curiosity, does this apply only to Chrome's extension framework, or to Firefox's and Safari's as well?

Context: I'm a new 1Password user who is contemplating use of the extensions for those latter two browsers, and while it seems probable their extension frameworks offer the level of security you describe, I'd like to be certain before pulling the trigger. Thanks!

AGKyle9y ago

Disclaimer: I work for AgileBits as well :)

Hi there!

Yes, all 3 of the major browsers (and derivatives of them) offer the same support for a sandboxed execution environment. You can safely use any of them if that's a requirement you have :)

Kyle

AgileBits

throwanem9y ago

Neat, thanks!

dkopi9y ago

Great point. Exactly the type of comments I come to hacker-news for!

favadi9y ago

When you are here, is 1password for team is the future and the classic 1password will become obsolete soon?

AGKyle9y ago

Disclaimer: I also work for AgileBits

We really try not to call it "Classic" or anything like that. It's standalone, you're in charge of upgrades, syncing and backups and stuff like that. It's also not designed for sharing (at least to the degree of the Family and Team solutions).

That said, we don't have any immediate plans to remove the standalone products. However, if a vast majority of our users switch to 1Password Family or 1Password Teams (and as of today, an Individual plan!) then it doesn't make a ton of sense to keep the standalone product around. So, it's probably one of those speak with your wallet kind of scenarios.

I'll certainly pass your feedback along, it sounds like you'd like to keep it around.

I hope that helps answer your question :)

Kyle

AgileBits

_pghu9y ago

I also very very very strongly do not want any hosted service requirement for using 1password. I am very proud user of 1P but a hosted requirement would kill it for me. No matter how much you (the generic 'you') tell me you're super secure, nothing will be as secure as owning my own data and using local Wi-Fi sync to put it on my phone.

3 more replies

jamie_ca9y ago

Please do consider keeping the standalone apps. Not having my passwords stored on someone else's server (encrypted or not) is why I'm a 1Password user (and likely buying an upgrade license this month to load it on my other windows box). Similarly why I've bought and upgraded Arq to store backups on storage I control.

sondr39y ago

I'm probably being daft but I can't find the Individual Plan on 1Passwords homepage, any idea where I can find out more about it?

1 more reply

j / k navigate · click thread line to collapse

0 comments

throwanem9y ago

Out of curiosity, does this apply only to Chrome's extension framework, or to Firefox's and Safari's as well?

AGKyle9y ago

Disclaimer: I work for AgileBits as well :)

Hi there!

Yes, all 3 of the major browsers (and derivatives of them) offer the same support for a sandboxed execution environment. You can safely use any of them if that's a requirement you have :)

Kyle

AgileBits

throwanem9y ago

Neat, thanks!

dkopi9y ago

Great point. Exactly the type of comments I come to hacker-news for!

favadi9y ago

When you are here, is 1password for team is the future and the classic 1password will become obsolete soon?

AGKyle9y ago

Disclaimer: I also work for AgileBits

I'll certainly pass your feedback along, it sounds like you'd like to keep it around.

I hope that helps answer your question :)