Monthly Archives: August 2015

1Password & Chrome on the Mac: “code signature could not be verified”

Over the past two weeks I’ve noticed that on my iMac 1Password and Chrome have not been playing nice together.  When i try to use 1Password to fill in passwords in Chrome I’m seeing the message “code signature could not be verified” pop-up.  In typical 1Password fashion the message includes a link to the troubleshooting guide with steps that need to be taken to resolve the problem.  I thought I ran this down twice or three times.  Was it my AV?  Was it a needed login?  Was it a needed update?   It turns out the fix was incredibly simple.  Chrome had gotten stuck on a version upgrade.  Opening up Preferences from the Crome menu you need to look at the ‘About’ section.  My instance was not up to date.  The fix was easy; I just selected ‘Relaunch’ from that same menu.  Problem solved.

Screen Shot 2015-08-09 at 7.56.15 PM

Advertisements

Websites Intentionally Disabling Password Managers

It wasn’t just me.  The folks at Wired have noticed that some web sites are not really very password manager friendly.

I travel fairly often.  Lots of that travel is for work but I do get around on personal business and to get away.  One of my go to sites for travel is Hilton dot com.  I’ve been a Hilton customer for a long time.  I like their hotels.  I think they treat me well where ever I go.  This isn’t an advertisement for Hilton; your mileage (and accommodations) may vary.

When you sign in at the Hilton site you typically see a prompt for a user name and password along with a check box for ‘remember me’; where the site drops a site cookie to your browser.  This window also has ‘forgot your sign in’ and ‘register for site’ dialogues.

The annoying thing is that Hilton has added a check to see if you are a robot.  It seems like if the cookie isn’t found in your browser, the site will add a robot test to see if the session has a user attached.  I found the test usually involves matching text to pictures.  The annoying thing about the test is that if you often clear cookies (like many security researchers and I do) you’ll run into this robot check more often than the general public (many of whom unknowingly tolerate cookies).

If I use my password manager this test comes up after that software has filled in the username and password fields and submits that data; so my login fails.  Once that fail happens I have to complete the form and the robot test manually and then submit.

It is mildly annoying but I’m still spending lots of time at Hilton properties.