1Password X Window Displays Too Much Sensitive Information

I am looking to roll out a password manager at my company and have been evaluating Dashlane and 1Password. I don't like having to use a desktop app - it's not what I'm familiar with in LastPass and Bitwarden, the other PMs I'm used to. So when I was pointed to 1Password X by Ben in this forum and I tried it out, I thought that had pretty much clinched the deal for 1Password. I really think being able to do almost everything through a browser extension is the way to go.

However, I quickly noticed something that concerns me. The X window displays too much sensitive information by default. This is especially true with Credit Card and Secure Note items. The right pane of the window displays most of the information about the item and, unlike Login items, key information is not obscured with Secure Notes. Making things worse, in my vault, Credit Cards are the items that show up first in the default mode of Suggestions, and there doesn't appear to be a way to make another view the default.

I think this is a concern in a team environment where somebody could be looking over one's shoulder when the extension window or the web app is open. And it will make it difficult for me to use an actual vault when I'm demonstrating 1Password and training new team members. Even if I create test items to use for training, the left pane of the X extension window and the web app window both display a second line of information below the title in the list of vault items. Sometimes, even this can present a problem.

Those other password managers I'm familiar with don't do this. Vault items are only displayed as a list of item titles. One has to open an item to display any of its content. I understand that it might seem more efficient to be able to see more item information at a glance without using extra clicks, but I think it compromises security.

Is there any chance a future version could allow a setting to limit the display of vault items to titles only?


1Password Version: Not Provided
Extension Version: 1.15.2
OS Version: Chrome on Windows 10
Sync Type: Not Provided

Comments

  • kaitlyn

    Team Member

    Hey @jack_inc! That's an interesting concept, and I'm glad you shared your use case with us. I understand where you're coming from, especially with Credit Card items. Having the entire number exposed when you're doing a demo is risky. I would definitely suggest using test items for demos, but I'll go ahead and file this as a feature request for my team so we can consider it when building future versions of 1Password X. Thanks for sharing!

    ref: x/b5x#1281

  • Thank you for passing this along as a feature request.

  • brenty

    Team Member

    Likewise, thanks for the feedback! However, 1Password will only display the account number (which isn't a secret, as it's printed on the card itself) if you select the item to view its details (in the item list, only the last four digits are shown). So you could always not select an item you don't want displayed in the first place, or even, as I'd recommend, create a separate vault specifically for the purpose of demonstration, and add only completely fake information (like a phony credit card) there, or accounts created expressly for demos -- like a throwaway email account, to show login filling. Cheers! :)
