Share to clipboard or other way to copy whole item card

@mishamsk, @MrC: While it's certainly something we can consider, I think it's unlikely that we go this route.

As pointed out initially, you can get the same result by copying the data using other methods. We actually removed most of these for a while because many people assume that this is secure. It isn't, and clearly you know that if you're using a secure channel to transmit sensitive information. But this isn't what most people do, and they trust 1Password to always be secure. Copying to the system clipboard where anything — including malware and clipboard managers — can access it really isn't.

That said, I won't say never. We really didn't think we'd be bringing back insecure sharing in any form, but if there's a lot of interest it may be possible. In the mean time though, there are other ways to transmit data. It's a slightly higher friction point, but in cases where the user is asking 1Password to do something insecure (think plaintext export) I think that a little friction is not such a bad thing.

I see the point but why do not you disable all sharing options then? Sharing to mail as it is implemented now will also expose data to malicious software.

@mishamsk: Honestly we have insecure sharing again because a lot of people told us they missed it when we removed it. So we added it back with a warning.

Plus I doubt anything can be done to secure 1p data if a laptop is infected and especially if Android device is compromised.

Excellent point!

It seems more valuable to raise general awareness (e.g. provide security prompts, ask for explicit opt-in for particular functions etc.) wherever complete security may not be enforced on your side. Copying to clipboard is one such thing since you'll have to keep this functionality until there going to be another way to input data for 99% of use cases...

I agree, but at the same time prompts are not really a much better user experience either. They're just plain annoying, and slows you down when you're trying to get something done, but it's something we consider. I just wish there were a solution either way that wasn't bad.

@brenty - you asked for my recommendation / thoughts. 1Password is a password manager, not a larger scope security product. We purchase it to essentially better protect, hide our (semi-) secure data, make it easier to use online, but not to prevent us from using it they way we need to.

@MrC: Absolutely.

While it is very important that 1Password operate as securely as possible, it also must operate in a practical fashion. AgileBits keeps trying to prevent users from doing things that AgileBits deems inappropriate or "insecure*. But AgileBits often operates in a vacuum, an unnaturally simplistic world-view if you will, one divorced from the larger context of the real world, with its real world requirements.

That's a fair criticism, even though I don't it's entirely accurate. I see where you're coming from. But honestly if we operated in a vacuum, we'd care a lot less (or at least be less aware) of the perception that we create with every decision we make. I know some folks may have something else in mind entirely when I talk about "perception", but here I'm not talking about unpopular choices

For example, Credit Cards. These are inherently HIGHLY insecure devices. Several times a day, we give these financial instruments to complete strangers. This is the largest source of compromise to this very sensitive information. Yet AgileBits feels compelled to prevent me from copying the data to my personal system's clipboard because it feels the data is too sensitive, because my system might be infected with malware. This is like polishing a turd.

While I'm not sure I agree with that sentiment, you're absolutely right about credit cards. After all, unless it's used for debit transactions, I can pretty much throw my card out the window and call the bank and I won't be responsible for the charges. Still a huge pain, and potentially devastating short-term, but it's a problem with a solution already in place, true enough.

But I think it's important to keep in mind that 1Password doesn't make value judgements about your stored data, to say use "weak security" for some items and "strong security" for others. Doing so would be programmatically burdensome, and it would cause the user to have to stop and think which "security level" to set for each item, and worry that they'd set them all correctly. Instead, 1Password treats all of our data with the best security it has (with some concessions to over-the-shoulder privacy, such as masking fields).

After all, maybe I don't care too much if I accidentally paste my full credit card details into a Reddit thread, but I can bet you someone else might — if only because of the stress and hassle involved in canceling, fraud reporting, and updating card information when the new one comes.

We can say similar things about an Identity. Let me copy / paste the entire Identity. There is nothing in there that cannot be quickly found by doing a Google search on me. And any infection I have most assuredly can read my Contacts.

Again, that makes sense, but I think you and I come at this from a different perspective than a typical user, by virtue of the fact that we're heavily invested in 1Password to the point that we participate in discussions like this in the first place. I know a lot of people who would flip out in these sorts of cases. And I think those are the people that we need to think of the most, since super techy power users aren't the majority (and perhaps never will be).

Any my secure Notes: AgileBits suggests this is a general purpose, catch-all category where data may be private or just important (but not necessarily confidential). Surely I should be able to copy an entire entry in one shot (title, tags, notes content). Yet, AgileBits has adopted the simplistic, easy to implement approach of ALL or None. This isn't in the customer's best interest.

That's a really good point. I think a strong case can be made either way, and that's why we err on the side of security. I'm sure there's room for improvement, but it seems to me that copying and the accidentally pasting part of any item somewhere undesirable (email, Skype, etc.) is much better than pasting the whole thing. Secure Notes, as you noted, may be exceptional in some ways since the bulk of it is in a single field. But I'd much rather send a password or credit card number (without URL or expiration, respectively) to the wrong person accidentally than the contents of an entire item.

Or my Memberships - I hold medical insurance, etc. there, and routinely need to copy/paste the fields one by one, going back and forth, only to have to send it via email anyway, or print it out to bring to a physician's office.

That's an excellent example. I have an idea here, but I'll save that until the end.

AgileBits tends to operate in a restrictive world, one that imagines there is only the user, his/her computer or gadget, and the web. But we all live in the real world, and our 1Password held data is meant to be used or shared in real ways. Today, this occasionally still means printing, or copying / pasting, or sharing. But AgileBits feels compelled to prevent us from doing so, ignoring the real world requirements users have (i.e. Never Print - too dangerous, despite the requirements of seniors, their caretakers or end-of-life planning, Never Share - too insecure, despite the necessity of being able to to quickly share and transmit chunks of data to others, etc.).

With regard to printing, I think you may be right, going back to your original point about being in a "vacuum". I own a printer, but I'm looking forward to getting rid of it soon. I think I've used it once this year to print, though I use it slightly more often for scanning things so I can get rid of all the paper. I'm sure that I am not emblematic of everyone here at AgileBits, but it does seem that we're generally more paperless-inclined than perhaps others are. And I think it's fair to admit that this is reflected in the import/export/printing capabilities of 1Password. You probably have a better sense of those shortcomings than anyone in the world. It just isn't high on our priority list. But at the same time, apart from our own personal leanings, if we had loved ones and customers clambering for improvements in these areas, the priority is much higher. I'm not saying that there isn't interest, only that those we interact with daily are more interested in other things.

You suggested that a PDF is no less secure - it is, far more. It is a real document, that gets saved to the filesystem, and users routinely forgot about these temporary documents, or save them in some location they can't recall (this is very common), or that get picked up by possibly insecure backups such as Time Machine for permanent insecure storage. There are simply more vectors of insecurity, and more steps involved, more complexity then the usually transient copy/paste (I'm ignoring clipboard managers, etc. since these are essentially fringe cases / users).

As you point out, it really depends on the user. PDFs support encryption, but of course the user needs to know that and choose it. There are certainly a lot of factors to consider. While I agree with you that it's more complex an issue, it's also much harder to accidentally share a PDF with the wrong person than it is to paste some test and fire off an email. It's certainly happened to me.

We're asking that AgileBits gives us the tools we need, AgileBits keeps responding by giving us the tools that prevent us from accidentally shooting ourselves in the foot by crippling the trigger when the gun is pointing downward.

I feel like the "vacuum" argument cuts both ways. Certainly, we are each limited in our perspectives based on our own experience personally, with loved ones, and with other users. Ultimately we're responsible for considering those who don't have a voice in discussions like this, and there are a lot of them out there. I'm not saying we get it right. There's certainly room for improvement. I just think it's easy (and natural) to equate "this is the tool I need" with "this is the tool that everyone needs". And you bring up some good points that apply more broadly than even this discussion. I really appreciate you taking the time to share all of this.

But this is what I was thinking after your example above, with the Membership: What about a menu option to copy the whole thing, maybe similar to "Copy JSON", only without the JSON? What we really are after is not having people unknowingly copy an entire item's contents, forget about it, and paste it somewhere awful or have it gobbled up by another app. It seems like making it possible wouldn't be so bad if it's intentional. I can't promise anything here, but it's just something that popped into my head reading your thoughts. Let me know what you think. :)

@mishamsk: I agree that education is crucial. Unfortunately there are only so many of us...but that's why we're so grateful to have folks like you out there helping, in the forums and beyond. I think there are legitimately three distinct views in this conversation alone, and that's awesome! I'm really glad you brought this up. :)

@MrC: I wasn't trying to refute you or argue with you, merely to present another point of view. I agree wholeheartedly with your stance on Big Brother government, and that the blog post (and its context) is truly relevant in that regard. But they don't seem to apply to this conversation. I feel like between your legitimate desire for 1Password to better meet your needs and your righteous anger at privacy violations on the part of authorities, you're conflating design decisions in an app with a police state. I think that's a bit extreme and not really a fair comparison. The former is a tool you can use to make your life easier (password manager); the latter wants to use you as a tool to make their lives easier (law enforcement). And I feel strongly that if we confuse the two, it diminishes a much larger, more important issue. We have to make decisions about the design, and while you may not agree with all of those decisions, I don't think that raises this to the same level. A convenient way to copy an entire item (JSON notwithstanding) isn't a fundamental human right; privacy and security are. I'm glad we're having this discussion, but I think it's worlds different than the one we're having in the world at large. I understand this may feel the same, but if we're looking at it objectively there are significant differences. We really just don't have that kind of power. Should AgileBits ever have that kind of power? Perhaps not. Regardless, we aren't seeking it. This is an incredibly salient point though:

History has shown time and again - it is almost axiomatic - when you take away people's freedoms, rights, or choices, they will always find other (more harmful) workarounds.

And that's the reason why we spend a lot of time discussing things like this, both publicly and privately, because there is no clear-cut solution; we have to continue to evaluate things and try to strike the best balance. We can't have 1Password do everything for the user, so I don't think this is a matter of personal freedom. You can still do whatever you want, and just because we're not facilitating all of it doesn't mean we're robbing you of your freedom. But certainly we want 1Password to make people's lives easier. But one person's life is made easier by a feature because they understand the security ramifications, and another's is made harder because they don't. I think there's a middle ground somewhere between features, education, and caution. I'm certain we haven't found it exactly, and that's precisely why discussions like this are valuable. I think it's beneficial for all of us to push back and say "Wait a minute", instead of everyone taking a side, fortifying their position, and sitting on their little hill, alone.

The "Big Brother version" of 1Password would store your data and you'd have to ask to get it out — and perhaps be denied. We try to make it possible for people to secure their data, access it conveniently without "shooting themselves in the foot", and get it out when they need to. You can do all of that, but it isn't always as easy as you'd like. We believe that the user should be able to take an action with 1Password and take for granted that it is not putting their security, and that in cases where it could it needs to be clear. We're not perfect though, and there's always room for improvement. I understand this frustration, that this is a particular need 1Password does not fill, and that the way things work now isn't ideal for everyone. As I'm sure you know, there are a lot of other things we need to do as well that compete for our attention. But it sounds like a menu option (perhaps with a warning) to copy item details may be a compromise that could help people, so I've filed a report based on this discussion so we can consider it for a future version. Thanks for taking the time to share your thoughts on this. :)

ref: OPM-4661