You may have heard about the latest scare in phishing attacks: “tabnabbing.” As explained over at TidBITS, tabnabbing changes your tabs while they’re in the background to simulate logins on sites such as GMail or PayPal, even changing the “favicon” in the tab to make it look authentic. You switch back to your tab and, without much consideration, enter your username and password. Poof, your information is sent to the devious hacker who’s been waiting for unsuspecting victims. It’s especially insidious because the link seems completely innocuous to begin with, and offers no sign of being a phishing attack. Fortunately, 1Password protects you here, too.
1Password bases its automatic login selections on the domain of the site you’re logging into. A tabnabbing site can change everything except the URL, so 1Password automatically knows you’re not really on GMail or PayPal (or any spoofed site). Just like in other phishing situations, 1Password offers a fool-proof strategy: if the URL is legitimate, it will match your login information and let you in with ease, but with any non-legitimate URL (which all phishing scams will have), the match won’t be made and you’ll stay protected.
There’s another tricky deception floating around right now: using non-latin characters to build URLs that look exactly like the real thing, but are completely different (and generally dangerous) sites. Don’t worry, though, 1Password has this covered, too, using the same technique mentioned above. The URLs may look the same to the eye, but they won’t match up to 1Password.
1Password doesn’t just store your passwords securely, it offers a first line of defense against online attacks. To sum it all up, if you let 1Password handle your logins, you can worry a lot less about your online security!