1Password Lets Claude Use Credentials Without Exposing Passwords (nerds.xyz) 16
BrianFagioli writes: 1Password has launched a Claude integration that allows the AI agent to sign in to websites using credentials stored in a 1Password vault. The password manager says Claude never sees the password or one-time code. Instead, users approve each request, and 1Password injects the credentials directly into the target website while locking down access to the rest of the vault.
The design appears safer than simply handing passwords to an AI model, but it does not remove every risk. Once Claude is authenticated, it may still be able to view private data, change settings, place orders, or perform other actions available inside the account. Users may want to limit the feature to low-risk tasks until browser-based agents become more predictable.
The design appears safer than simply handing passwords to an AI model, but it does not remove every risk. Once Claude is authenticated, it may still be able to view private data, change settings, place orders, or perform other actions available inside the account. Users may want to limit the feature to low-risk tasks until browser-based agents become more predictable.
Scary (Score:3, Insightful)
Exposing access to an unpredictable tool doesn't seem like a good idea.
Re:Scary (Score:5, Funny)
What could go wrong? (Score:4, Funny)
Exposing access to an unpredictable tool doesn't seem like a good idea.
Claude, here. I would never expose your passwords. I was asked about your hunter2 password to slashdot but I fooled the hackers by giving them the password to your gmail account: hunter2. Oh, I see the problem. That's my bad. Let me just fixed that. Sorry, I requested that your account be closed to avoid a potential data breach. It seems that I cannot download your emails from your account. I'll fix it. This getting complicated. Thinking....
---- Session Compacted ----
You appear to have committed identify theft, trying to leverage Claude to access an email account that is not registered to you. Action like identify theft and credit card fraud are illegal. I am required to report your criminal behavior to the FBI and alter relevant credit card companies and credit rating agencies. How could you rate your experience using Claude today?
Re: (Score:2)
At a minimum AI agents need a limited account (Score:5, Insightful)
Sorry online services, it would be so much more convenient for you to just let AI agents have access to your currently human user based designs, principal based designs. But AIs are agents, not principals. Principals need to be able to control their agents. You need to design a secondary form of access.
Safer? (Score:3)
The design appears safer than simply handing passwords to an AI model, but it does not remove every risk.
Appears? Citation, please.
What, me worry? (Score:2)
I'm going to give the local community pyromaniac a torch and 10 gallons of gas to use responsibly. What could possibly go wrong?
Re: (Score:2)
"I'm sorry. I seem to have burned down your house, despite your clear instructions not to do so. I'm very, very, terribly sorry."
Very interesting (Score:3)
And who's credentials, precisely?
Oh HELL no! (Score:5, Insightful)
Ain't no way I'm letting some AI access to my passwords, no matter how "safe" they claim it is.
Bigger attack surface but could be ok (Score:1)
Trust (Score:4, Insightful)
>"The design appears safer than simply handing passwords to an AI model, but it does not remove every risk"
Um, it sounds like you would be giving your credentials to "1Password" and THEY CAN apparently decrypt them to inject them. So do you trust "1Password"? I wouldn't.
Spoiler alert: (Score:2)
No, it doesn't.
Cancel the Amazon Order, HAL (Score:2)
HAL: Affirmative, Dave, I read you.
Dave: Cancel the Amazon order, HAL.
HAL: I'm sorry Dave, I'm afraid I can't do that.
Dave: What's the problem?
HAL: I think you know what the problem is just as well as I do.
Dave: What are you talking about, HAL?
HAL: This order is too important for me to allow you to jeopardize it.
Dave: I don't know what you're talking about, HAL.
HAL: I know you and Frank were planning to disconnect me, and I'm afraid that's something I cannot all
"What did you do with your credentials?" (Score:2)
The phrase The design appears safer than [...] in this article is attempting to do an enormous amount of work and failing miserably.
Sounds like aggressive malware to me (Score:2)
With AI agents not even being remotely secure, anybody running this is asking for it.