Adding new item shows password in clear text!

mkturing

When I create a new item the password field is a regular text field that shows the password as I type it. This should be a masked field. I do not want anybody looking over my shoulder seeing my passwords!

We work in an open office layout and this is a huge security concern for us. Please fix!!!

---

1Password Version: 6.0.214.d
Extension Version: 4.5.9.90
OS Version: Windows 10 Enterprise
Sync Type: Not Provided

Ben

Hi @mkturing,

Thanks for taking the time to write in. I've moved this thread to our Windows Beta forum as that appears to be the product your feedback is regarding. Thanks for letting us know that this is a concern for you!

Ben

MikeT

Hi @mkturing,

Are you saying when you saved it, the password fields are not concealed or is this only when you're editing an item? The passwords are concealed by default when you're using the default details view but not when they're being edited.

We will try to modify the item editor to conceal all password fields by default and only reveal one at a time while you're editing that specific password field.

It is not feasible to edit a concealed password, there's no system UI component that allows for this, so you will still see a revealed password when you're making changes to it but when you defocus the field, it will switch to be a concealed text field.

mkturing

This is not a Windows version issue. The behavior is the same in all platforms and in the browser. When you add a new item or edit an existing one the password field is not masked.

"It is not feasible to edit a concealed password, so you will still see a revealed password when you're making changes to it but when you defocus, it will be concealed."

Why is this not feasible? It should be trivial. Everybody is doing it. For passwords you put a masked password field and a second one (also masked) to confirm. In fact, I cannot think of any application or service that allows you to enter a password in clear text. See KeePass for example. By default the password is masked when you create or edit a an entry. You can choose to reveal it if you want. (http://imgur.com/a/rfXGk)

Like I said this is a huge security concern. Passwords should never be visible by default.

MikeT

Hi @mkturing,

Passwords should never be visible by default.

Just to make sure we're on the same page, this is the default view when you're not editing an item.

If 1Password is showing you unconcealed fields by default when you're viewing it, you may have configured it to be disabled. To turn it on, click on Settings on top right to select Options. In Options, go to Security > Display, and you should check the box next to Conceal Passwords.

Keepass does the same thing when you click on the 3 dots, it reveals all password fields:

I'm assuming you want us to only show asterisks while you're editing the password blindly? This is the first time I've heard of this request and I'm not sure we have plans to do this, this has technical limitations but we'll look into it.

mkturing

I am not referring to the default view when not editing the passwords. I am referring to the view when you are creating or editing an item.

I would like to see asterisks when I am entering or editing a password. Somebody who is sitting next to me or looking over my shoulder should not be able to see the password.

http://imgur.com/a/HBhH6

mkturing

In KeePass, you have to click on the three dots to reveal the password. If you do not click the three dots the password stays masked even when you are editing it. I would like to see the same behavior in 1Password.

I am surprised I am the first one who pointed this out. Can you please elaborate on the technical limitations? You already have this behavior in the application. When 1Password starts I have to enter the master password. That field is masked.

MikeT

Hi @mkturing,

I've passed on your requests to our team and we'll see what we can do. The first thing is that we will improve the item editor to mask all fields by default but we cannot edit/reveal in the same password field, the entire field has to be swapped out when you need to reveal it, which is why there's a separate button to do this in KeePass but we could be relying on outdated information from Microsoft.

mkturing

Thank you Mike. I appreciate you will be looking into this and I hope to see the functionality in one of the upcoming updates.

MikeT

You're welcome but it is your passion that's making us want to change this sooner and to keep pushing 1Password forward.

Please let us know if there's anything else we can do for you to improve 1Password.

MikeT

Hi @mkturing,

We got a small surprise for you, we've shipped an update just now that will mask the sensitive fields by default when you're editing the item. It's not exactly what you want yet with regards to keeping it masked while editing it but it should help in the meantime.

You can restart the app, wait 10 seconds to get the update notification or you can go to Settings > Options > Update to check for an update.

mkturing

Wow. That was fast! Thank you so much.

Like you said, not exactly what we wanted but definitely an improvement.

Thanks again.

MikeT

You're absolutely welcome! If there's anything else we can do to improve 1Password, let us know.