Guest Account and Password Filling

Hi there, i'm trying to find a way to allow a third party to log on to some web resources used by our company but deny them the actually see the passwords. My understanding is that they need to install the client and the browser extension for that to work correct?

My biggest problem is when you use Chrome Extension and connect to a website using the Open and Fill option the browser prompt for password saving, allowing the user to see the password afterwards.

Is there a way to avoid such problem??

Thanks


1Password Version: 7.3.657
Extension Version: 4.7.3.90
OS Version: Windows 10 1809
Sync Type: Not Provided

Comments

  • Hi @joses,

    If sign-in in involves filling a field on the webpage there isn't a way to avoid discovery of the password. Even if you could set a group policy that disabled the Chrome password manager if somebody wishes to see the contents of a password field it's fairly trivial. They could inspect the page DOM, they could copy and paste some JavaScript into the address bar or create a bookmarklet. Our business accounts do support a password not being revealed within either our own web interface or within the native client but once the password is passed to the browser it's outside our control. This holds true of any password manager that fills the field on the page. My main concern with our own permission not to view a password is that it may give a false impression over the protection this offers because we do have to pass the password to another application that we do not control.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file