Editing or Creating a password is by default clear text and should be masked

I'd like to edit my passwords through the Windows client or the 1Password web site in a masked textbox, not a clear text textbox, by default.
Current UI makes editing/saving of passwords really hard or sometimes (shared screen or open-office environment) impossible.

Environments the issue is occurring: Windows client, 1Password web site. (But possibly every client has the same behavior)

The current behavior is as follows:
When a user wants to edit an existing login's password, the user clicks the "Edit" button, then clicks the "Password" field and the password text is clear text and visible to the user.

This behavior is the same for the new login operation (save login) also.

The expected behavior is as follows:
When a user wants to edit an existing login's password, the user clicks the "Edit" button, then clicks the "Password" field and the password text is masked with asterisks and not visible to the user. (There can be an optional checkbox to reveal the password if wanted)

There's a similar post I've found on the exact same issue but despite its resolution statement, it doesn't seem it's resolved:
https://discussions.agilebits.com/discussion/69123/adding-new-item-shows-password-in-clear-text

The things I've tried:

  • Windows client (v. 73684) > Settings > Security > Conceal Passwords is checked (Had no effect on the behavior)

1Password Version: 73684
Extension Version: 1Password X 1.15.7
OS Version: Windows 10 64 bit
Sync Type: Not Provided
Referrer: forum-search:clear text edit

Comments

  • Greetings @beyti,

    The thread you linked to did result in a change to 1Password for Windows and it is still present in the most recent version, 1Password 7.3.684 for Windows. From the thread you linked to:

    we've shipped an update just now that will mask the sensitive fields by default when you're editing the item. It's not exactly what you want yet with regards to keeping it masked while editing it but it should help in the meantime.

    The bold emphasis is mine. This brought 1Password for Windows in line so that all clients behave the same way: the contents of a password field are only visible when it is the active field during edit mode (or if the user has instructed 1Password to reveal the contents).

    At the moment there is no way to have an actively edited password field remain concealed and as far as future changes I am unaware of anything in this area. While it is something we can consider I don't know that we've seen any level of interest for this level of secrecy but the forum is a good place for others with a similar opinion to join an ongoing conversation like this one if they agree with you.

  • Apologies for resurrecting this thread, by all means happy to log another post but this is bang on what I would want from 1Password as well. I work in a busy office and don't have the luxury of having my back to a wall, there can regularly be people that are able to see my screen or be around my desk while I'm working. Many sites and applications I have used actively mask passwords as you type and give you the option to show the password if you want validation.

    I tried to integrate myself into 1Password today and feel concerned while typing that my password is sat right there on my screen in plain-text until I'm finished and scramble to click the next field or save button. I'd think masking it during entry would be a basic feature and wouldn't consider that an extreme 'level of secrecy'.

    Our SCCM software center hosts KeePass, a free open source password manager that masks passwords when entering and allows you to unmask before saving the new entry...


  • ag_michaelc

    Team Member
    edited September 2019

    Hey @richarde90, thanks for the feedback and feature request.

    I get your point about wanting things masked so others near you can't see what you're typing, but I would argue that if you're using 1Password to generate secure passwords for sites, the threat of someone noting and writing down or capturing that password by some other means should be pretty low. Even if you generate the password right within the full 1Password app, a generated password is going to be pretty complex and would take a lot of work to write down accurately. If they're passwords you've previously composed on your own, chances are they could use an upgrade to a complex, random password like 1Password generates.

    Put another way, really the only password you should be typing into 1Password is your Master Password on the lock screen. In all other cases, I suggest generating a password, or if you want to save a password you've already created elsewhere, use the extension to save that password, rather than creating an item manually. :smile:

  • While I do get what you're saying, depending on how many systems you navigate and how secure your passwords already are... people may want to store passwords they're happy with the strength of or that they don't have the ability to change readily. I completely agree that primarily users should be generating passwords and I would be doing that in most cases, I just still don't see why generated or manually entered passwords wouldn't be masked on creation, it's just another nice feature so no one can look over my shoulder or god forbid snap a photo on their phone if they were that way inclined.

  • Thanks for the feedback, @richarde90. As my colleague littlebobbytables mentioned, we'll keep this conversation open to gauge future interest. :smile:
