Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

0% Positive

Analyzed from 163 words in the discussion.

Trending Topics

#password#account#claude#why#cli#safer#never#inference#context#security

Discussion (6 Comments)Read Original on HackerNews

laul_poganabout 1 hour ago
How is this different than OP CLI with a service account?
terracatta40 minutes ago
Much safer as the technique ensures the AI agent never even sees the creds vs the CLI the inference/context can see them which opens you up to a whole class of security risk.

https://support.1password.com/1password-claude-security/

mdni007about 3 hours ago
Why bother? If you're giving Claude access to your account anyways why not just give it your password too? Assuming you use a randomly generated password for every account you have.
terracattaabout 2 hours ago
You don't want passwords to enter into inference/context because once they are there the AI can accidentally share or be tricked into sending the password to other places.

With this solution to explicitly approve which credentials it can access for each task and the passwords themselves are never shared...Claude just can ask

1Password to fill them in for it at the right time in the browser. This is much safer.

We did some novel research earlier this year if you really want to see why it's bad for AI agents to just be able to grab things in your password manager...

https://1password.github.io/SCAM/replays/phish-shared-doc.ht... that's the nightmare scenario.

therobots927about 3 hours ago
Fuck that
quaddoggyabout 3 hours ago
What could go wrong?