I want to use auto-complete to fill in fields in 1Password. Seems to be disabled?

wealthychef

When I am filling in forms in 1Password, it asks me for things that I have saved in my auto-complete with OS X and with Alfred. Normally, for example, if I type "wc" it will auto-complete my email address. 1Password seems to not allow this. Can I make it so that this works? I hate typing my email address etc, that's why I have these shortcuts. Thanks!

---

1Password Version: 7
Extension Version: Not Provided
OS Version: 10.15.1
Sync Type: cloud
Referrer: forum-search:I want to use auto-complete to fill in fields in 1Password. Seems to be disabled?

Lars

@wealthychef - there aren't a lot of things around here we give a hard "nope" to, but that's one of them -- it's quite intentional that we don't allow for clipboard reading/expansion tools inside of 1Password, for privacy and security reasons. Anything that can modify your items there can also read, exfiltrate, etc. It's too big a security issue for all users for us to allow access to such system utilities/programs, for the comparatively few users who want such a convenience feature. Sorry to disappoint. Although you can't use such tools as Alfred within 1Password's edit mode, you can indeed still paste into nearly any field, so copying out of a repository of such "snippets" and then manually pasting will function as a workaround. Hope that helps! :)

wealthychef

I thought you might say something like that. :-) I disagree with the idea of protecting users from themselves, because I think you cannot possibly know all the angles from where you are sitting. But I get that's your belief, so thanks for the workaround. Please consider changing your well-meaning but malignant paternalism and allow an "Advanced" setting that permits changes by authorized programs for users that want this. When I hear a hard "no" I think "I wonder if there are any alternatives..." Thanks!

Lars

@wealthychef - you should absolutely use whatever product you feel suits your needs best, even if that's not 1Password. That's why there's multiple alternatives out there; because no one solution is going to best suit everyone's needs/desires/use cases.

There aren't very many issues we have this firm a stance on; most things fall into a category where multiple, changing factors weigh on the decision, like how many users would be affected by a given feature, how many want it, other priorities, available developer cycles, etc. But at our core, we are a security company, and that means there are some things we just don't leave up to the user, like allowing blank or one-character Master Passwords. Any user searching for such a product isn't after a security offering, but a convenience offering or a browser filling assistant. And there are certainly products out there which will fill that role; 1Password just isn't - and won't ever be - one of them. Allowing all processes which function as clipboard manager/UI assistants (which could include potentially malicious processes) to read, write/change and exfiltrate data from within 1Password falls into the same category. It's just not something we're going to offer. Good luck in your search. :)

wealthychef

Of course, I am not asking for your straw man "Allowing all processes which function as clipboard manager/UI assistants (which could include potentially malicious processes) to read, write/change and exfiltrate data from within 1Password." I'm just asking for 1Password to let one application automatically populate SOME fields, under user supervision and explicit consent. Such as username, email address, etc. You could put a default lock on any critical features too if you wanted. Or put an "allow auto-completion in this form" checkbox. Lots of secure ways to do this if you wanted, there is nothing inherently insecure with this concept. Based on your reply, I believe it's your idea that in order to give any access you have to give full access which is incorrect. Please reconsider. :-)

Ben

Thanks for the feedback, @wealthychef. To enable that we would need to disable Secure Input for those fields, which opens them up to being read by malicious processes. Secure Input is either on or off. There is no way for us to say "it is okay for [application x] to read/input these fields, but not okay for [application z]." That functionality just doesn't exist at the OS level. As such this isn't something we're going to be able to do.

Ben

wealthychef

OK thanks for engaging with the issue! 1Password is a great product overall.

Ben

Thanks for the kind words. :)

Ben

wealthychef

Keep up the good work and have a great day

Lars

:) :+1: