Login no longer secure?

[+Ripdubski]

The popup window asking for login is no longer secure, at least according to 1Password. For the past couple of weeks I've been getting a warning that the login is not https. Any ideas?

[Albert]

That's odd, as I also use 1Password (on the Mac) and I'm not getting a warning on the popup (just tested it). The login should indeed be https, although other elements on the page are not loaded through https. But the form submission is, which is the important part. What browser are you using?

 

..Al

[+Ripdubski]

Safari 7.0.6, OS X 10.9.4, 1Password 4.4.1, 1Password Extension 4.2.4.. The extension is not showing any updates. If I use the document inspector it shows the page as http. It will revert to http after initially setting https - I get the https lock, then it goes away.

 

The warning I get, per AgileBits, means the password was saved as https, but is being filled on an http form.

 

Error:

1Password warning: This page is not protected. Any information you submit can potentially be seen by others. This login was originally saved on a secure page.

Do you still wish to fill this login?

FWIW, I get this from both 1Password extension (browser) and from 1Password Mini (OS toolbar). When I hover the AtariAge Signon link it shows https. But when the form pops up it reports http://atariage.com

Edited August 19, 2014 by Ripdubski

[Albert]

Safari 7.0.6, OS X 10.9.4, 1Password 4.4.1, 1Password Extension 4.2.4.. The extension is not showing any updates. If I use the document inspector it shows the page as http. It will revert to http after initially setting https - I get the https lock, then it goes away.

 

The warning I get, per AgileBits, means the password was saved as https, but is being filled on an http form.

 

The reason this is happening is because the registration page is actually loaded with https, but the normal login popup is displayed on an http page. However, the login form is submitted using https. This is pretty common. Nothing has changed on AtariAge recently as far as this goes, so this might be a change to the 1Password extension. Not sure if 1Password has a way to ignore that warning on a specific page.

 

..Al

[+Ripdubski]

It doesn't. This is a new "feature" of 1Password as well and a lot of people are complaining about it. But in reality it is trying to protect you. I'll remove the password and resave it to see how it stores it.

 

 

Update:

After removing the password, and logging in again to save it new. The URL shows: http://atariage.com/forums/

Edited August 19, 2014 by Ripdubski

[Albert]

It doesn't. This is a new "feature" of 1Password as well and a lot of people are complaining about it. But in reality it is trying to protect you. I'll remove the password and resave it to see how it stores it.

 

Yeah, I've seen it as well on some sites, although not here. I can understand why they are doing it, but they need to add an, "Ignore on this website" checkbox when they pop this warning up.

 

..Al

[+Ripdubski]

After re-saving I no longer get the warning. But I'm not convinced it's https anymore since it was originally saved with https.

[Albert]

After re-saving I no longer get the warning. But I'm not convinced it's https anymore since it was originally saved with https.

The popup login form uses https to submit your username and password to the server. if you sign out, pull up the login form and then view the page source, you'll see this:

 

..Al