Apple Watch feature request - selectively share which items in an entry to expose

I'm not sure if this is available and I can't figure it out or if it's already be requested (search brings up way too many results)... but:

It'd be awesome to expose only a single part of a 1Password entry. E.g., I have a one-time password for a site I keep in the same item/record as my password. I don't want to expose anything but the one-time password to the iOS keychain...

Thoughts?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:apple watch share single item

Comments

  • brentybrenty

    Team Member

    @Aaron Gibralter: Most people seem to want to see more information in 1Password on Apple Watch, but I happen to have a similar desire to your own: to pick and choose specific bits of information to display there.

    And while I can't say for certain if or when this feature might make its way onto our Watches, we're exploring a number of customization options — especially with watchOS 2.0 on its way soon. Thanks for the suggestion! :)

  • :smile: hah, I can imagine. I can imagine it's tough to balance all the requests! In any case, thank you for getting back to me.

  • chrisdjchrisdj AgileBits Support 1Password Alumni

    @Aaron Gibralter: I just wanted to chime in to say that a Login item with TOTP added actually only sends over the TOTP part.

    Basically, if you add a Login item with no TOTP, it displays the username and password. If it has TOTP, only the TOTP code comes over, and generates a new code on the Watch every 30 seconds. So, your particular use case already exists!

  • @chrisdj Oh, that's cool—does that mean only the TOTP becomes "less secure" by being placed in the iOS keychain? Or are all the fields passed under-the-hood? (I guess I'm being a bit paranoid for perhaps no good reason.)

    Thank you!

  • brentybrenty

    Team Member

    @Aaron Gibralter: Sorry for not being more clear! I wouldn't say "less secure", as iOS has a solid security model — other apps simply cannot access your 1Password data (or that of another app entirely) because each has it's own encryption key protecting its data.

    However, unlike 1Password for iOS, in the case of Apple Watch, your 1Password data there is not also protected by your Master Password. Because Watch 'apps' actually run on the phone and transmit their data using Bluetooth, 1Password cannot encrypt and decrypt data there it's essentially a viewport. But again, your 1Password data there is still encrypted using the app's unique key. I just want to make it clear that your Master Password cannot be used there to protect your data.

    You can read about this in more detail in our knowledgebase, but essentially any data that 1Password puts on your Apple Watch is still protected and sandboxed from other apps; and in the case of the TOTP, those are even more secure because the code is continually changing. I hope this helps! :)

  • Ahhh I didn't get down to this part before: "Only the one-time code is available on the Watch, as the long term TOTP secret remains on your phone. Your password for that particular Login remains fully protected by your 1Password Master Password." Thank you!!!

  • brentybrenty

    Team Member

    @Aaron Gibralter: You're most welcome! It can sometimes be hard to find the one particular piece of information you're looking for, so we're always here to help if you have any other questions as well. Cheers! :)

  • @brenty thank you again! I just want to point out that the end of the article is a little confusing as it doesn't reiterate the point about TOTP. The part where it says "In addition to those, different details are written for different categories" does not include any mention that "Logins" with TOTP will not write username/password to the iOS keychain (which is the behavior, correct?).

  • brentybrenty

    Team Member
    edited November 2015

    @Aaron Gibralter: Any time! Thanks for the feedback!

    I've looked this over again just now, and I see your point. While it isn't live yet (perhaps early next week), I've made the following changes to the Watch security knowledgebase article (in bold):

    Toward the beginning (in the TOTP section):

    When a 1Password item containing a TOTP secret is added to Watch, the username and password for that item are not saved to the iOS keychain with the TOTP secret (and therefore only the TOTP code will be displayed on the Watch). Your password for the Login remains fully protected by your 1Password Master Password.

    Toward the end (following the table):

    *If a TOTP secret is present in the Login item, the username and password are not sent to the watch, only the current TOTP code.

    Please let me know what you think! :)

  • Looks Great! Thank you again!

  • chrisdjchrisdj AgileBits Support 1Password Alumni

    You're welcome, @Aaron Gibralter!

This discussion has been closed.