How to prevent showing password with ALT key?

peter_1pswd
Community Member

Hi. How do I prevent 1Password from showing my password when holding down the ALT key?

http://www.iclarified.com/64546/any-mac-app-can-purportedly-record-your-screen-without-you-knowing

Comments

  • Lars
    1Password Alumni
    edited February 2018

    @peter_1pswd - Thanks. The short answer is: you can't. In 1Password for Mac, the option (⌥) key is specifically intended to reveal passwords -- that's its function. Please see my lengthier answer here in this related thread. In general, however, the best way to prevent such a possibility would be not to disable 1Password functions, but to not use the option key to reveal your passwords. Or, if you must use the option key for another function (such as Option + Command + backslash to reveal the 1Password mini), press the Command key first; then the password you're currently viewing is not revealed.

    ref: OPM-1506

  • peter_1pswd
    Community Member

    The thing is, pressing ALT sometimes happens accidentally. You can't blame a user for accidentally pressing a key which screws up their opsec.
    Please add an option to disable this feature, maybe in some hidden developer settings. The feature is absolutely useless for me and at least one of my colleagues.

  • AGAlumB
    1Password Alumni

    @peter_1pswd: We don't have any plans to add additional options to disable or change this feature. If you don't want to reveal a password, simply don't open the 1Password window, don't unlock it with your Master Password, don't select an item, and then also don't press the Option key. If the environment you're operating in is truly that unsafe, I'd argue that the Option key is a red herring; you should perhaps not be accessing sensitive information there at all, or at least be locking and quitting 1Password any time you're not using it. I'm sorry that's not the answer you want, but all four of those actions are entirely at your discretion and within your power.

  • XIII
    Community Member

    While I would love to have the regular ALT feature in the Windows version at home, I think there are indeed use cases where preventing the password from being shown would be good. I’m surprised to see that the customer is being blamed instead (twice).

    Example scenario: two developers are pair programming and the one having the keyboard has to log in to a company service to finish a task (on a site which uses a pop up to enter credentials, so 1Password cannot auto-fill via the extension). Hitting the ALT key by accident would reveal the password to his/her colleague who is (without bad intentions) looking at the same screen. Hopefully the password is a long string of gibberish...

  • Lars
    1Password Alumni
    edited May 2019

    @XIII - brenty is gone for the day, and I don't usually take it upon myself to speak for him, but I've known him long enough to be certain his intention was not to blame the user.

    Both @peter_1pswd's and your hypothetical scenarios certainly are totally plausible, and I don't want to dismiss your idea out of hand (nor does brenty). But I'm looking at it from this perspective: in 1Password for Mac, you've long been able to click "reveal" in the drop-down menu next to the password field. Many power users wanted a quicker way to reveal a password on the fly, so we gave them a keyboard shortcut. At this point, the Alt key-as-password-reveal shortcut has been in place for so long that I can't even remember when we instituted it. But a large number of our users have gotten accustomed to having it the way it is, and I'm wondering how many people's workflow we would interrupt if we changed it to something else now. I take your meaning with regard to inadvertently revealing a password at the wrong time; I'm just not sure there's a solution that doesn't leave an equal or greater number of people dissatisfied or worried about their own opsec, at least not one that doesn't involve either removing the feature altogether or adding yet more complexity to the UI in the form of another preference/setting.

  • peter_1pswd
    Community Member

    Making the feature opt-out would offer a solution for everyone.

    If you don't want to reveal a password, simply don't open the 1Password window, don't unlock it with your Master Password, don't select an item, and then also don't press the Option key.

    That's not my point. The thing is that in the short time window where I do want to copy a password it sometimes happens that I touch the ALT key. And by the way, I do close 1Password once I no longer need it.

    I've been a happy 1Password customer since 2008. Time to move on I guess, such harshness is definitely not what I expected in return...

  • XIII
    Community Member
    edited February 2018

    I've known him long enough to be certain his intention was to blame the user.

    You probably forgot the word "not" ("not to blame"). While I do believe it was not the intention, the perception after reading the replies might be different. Alas, communicating on a forum is sometimes hard (at least for me).

    or adding yet more complexity to the UI in the form of another preference/setting.

    For me it would be OK if I would have to use the defaults command on the command line to switch the behavior:

    http://www.osdata.com/programming/shell/defaults.html

    For example:

    defaults write com.agilebits.1password reveal-passwords -boolean NO

    However, I do understand that this might be an edge case and it's not worth the effort.

    (I would use NO at work and YES at home)

  • Lars
    1Password Alumni

    @XIII -- It's something we can revisit, certainly -- and we will. I'm just not sure what kind of appetite there will be for changing the current behavior. But I want to thank both you and @peter_1pswd for making your feelings on the subject known. We really do value every single bit of feedback or suggestion we receive, because how the heck else are we going to know what users are really thinking about various aspects of 1Password? ;)

  • blochberger
    Community Member

    I think disabling revealing passwords with the option key (⌥) should be implemented. I regularly use the option key for third and fourth assignment of keys, e.g., when writing the German umlaut ä I press ⌥+u and then a. Revealing the password while simply writing is not something I intend. Avoiding the option key in that case is rather inconvenient as the character map or another application has to be used.

  • Thanks for the suggestion @blochberger.

    Ben

  • simon2
    Community Member

    I think you guys and gals at 1Password are dropping the proverbial ball, here. As you know, the "alt" key has been used for decades most notably in conjunction with the tab to switch tasks. Binding it to reveal the password strikes me as a short-sighted idea at its inception, and continuing to keep it that way is concerning.

    Common scenarios where flashing the password can undermine security:

    • Working in a coffee shop and using 1password
    • Sharing your screen with others for a demo using 1password
    • Working at your desk in an open office using 1password
    • Pair programming and using 1password (as previously mentioned)

    ...but really we're talking about using 1password in the presence of anyone with functioning eyeball(s) or a screen recording device of any sort. That casts a pretty wide net.

    I use 1password professionally on a frequent basis and at times am doing screen sharing sessions. That I have to retrain my brain not to use alt-tab when using 1password is so obviously wrong, considering 1password is written by a security company, that I wonder what else you choose to overlook.

    It's used extensively through our company and I can't imagine how many times people have flashed passwords unwittingly at others. Sure, maybe none resulted in anything malicious, but please tell me you agree with this statement: having software that easily and unintentionally displays the password on the screen is not in keeping with good security principles.

    It seems to me this feature should be disabled entirely or made into an opt-in feature, at the very least.

    Thanks and keep up the otherwise great work!

  • @simon2

    I can certainly empathize with your position. In order to make a change (particularly to remove a feature) there is a moderately high bar. One of the primary factors that accounts for that is customer feedback. In the last year we've had perhaps a dozen customers comment on this, whereas some other things we've worked on have had hundreds (or even thousands) of points of customer feedback.

    The situation isn't necessarily that we disagree with your thought process here, it is more a difficulty of limited resources and deciding how we'll spend those resources. Certainly security is one aspect that could in some cases outweigh the lack of demand from customers. After all, as you say, our primary goal here is security. That said, the fact that this was an intentionally designed feature that is documented likely means that it doesn't rise to the level of concern from a security perspective that would cause it to rise to the top of the to-do list.

    I will bring this up with the security team (again) to see if they would have an interest in pushing for this change, but I can't make any promises beyond that. I do truly appreciate you advocating for what you feel is right here, and will give your feedback the consideration it deserves.

    Thank you.

    Ben

  • AGAlumB
    1Password Alumni

    @simon2: Alt Tab does nothing on my Mac. Only Command Tab does what you're saying.

    Anyway, regardless of the Reveal Password feature (which is important so that people can see their own data!), it's best for a number of other reasons not to open the 1Password window with your actual data when you're showing your screen to someone else (either remotely or in person) because literally all of your other items (and the details of the one selected) will be displayed; better to use demo data for demo purposes. We do that ourselves. No reason to use actual data just to demonstrate how it works. It's definitely worth setting something like that up if you're often doing "a demo using 1password", even if we do end up changing this specific feature in some way.

    And of course we also have a fairly large number of videos you could show to people to save you the time and effort of doing demos yourself:

    1Password - YouTube

    Cheers! :)

  • nealm
    Community Member
    edited May 2019

    Consistently seeing @brenty speak dismissively about simple changes that users request is making me regret my subscription.

    Is it really that hard to add a feature toggle, or allow users to rebind shortcuts??

    Come on guys, surely you can do better than this?

    If you've got such a challenge with implementing features and bug fixes, that something like this gets treated dismissively by your forum support staff, then there are serious issues with your development and operations workflow :(

  • Lars
    1Password Alumni

    @nealm - thanks for the feedback.

    Is it really that hard to add a feature toggle, or allow users to rebind shortcuts??

    Probably depends on the toggle, checkbox or other option in question, but in every case there is certainly some overhead of developer/designer time and attendant re-prioritization of other work. On the other hand, no, it's not hard to see every user request as another opportunity to try to please all of the people or account within the software itself for every potential use-case...which tends to result in wonderlands of "functionality" like this one from the not-too-distant past:

    1Password is a "pro"-level app in the sense that it offers a very high level of security and can be a central part of even the most demanding digital security setups. But it will never be a "Pro" app in the sense that Photoshop or similar apps are: high-learning curve apps designed for "power users" with every feature under the sun available directly in the UI. We try very hard to get the UI of 1Password as "right" as we can. I put "right" in quotes because it's a moving target; our own thinking changes, technology changes, new features or security threats must be taken into account, and numerous other variables all go into the end result you see when you use 1Password. We're also the first to admit it's definitely not perfect; never has been and never will be, not least because no two users will have the same needs/wishes/definitions of what "perfect" would look like. One thing that does remain consistent is the high bar we put on adding yet another toggle/checkbox/preference to 1Password's UI. Complicated/opaque/off-putting security software is security software users just won't use...or purchase. So while it's certainly tempting to try to be all things to all people and say "yes" to all requests or at least as many as we can by just adding yet another toggle/option/checkbox each time, we think very long and hard before we do any such thing.

  • blochberger
    Community Member

    I understand that it is not easy to add/remove features based on a few users requesting it. IMHO, if displaying sensitive information is so easy that it happens by accident, it is not only a usability but a security issue and should be addressed.

  • Lars
    1Password Alumni
    edited May 2019

    @blochberger - the difficulty of adding/removing things varies on the thing in question, not on how many users want it. If there is a particular feature that we think is a good idea and we get a ton of user requests for, then that's likely to be prioritized even if it's unusually complicated or difficult and time/resource-consuming. On the flip-side, just because it might be comparatively easy to add a different feature/function, we don't do so just because it's low-overhead in terms of developer/designer time. It has to fit the overall goal and approach we've mentioned elsewhere, consistently: making the best password manager we can, not the one with the most features.

    Having said that, we'll continue to evaluate (and of course happily continue to accept feedback and user experience regarding) this particular issue. I can't say whether it will result in the changes you'd like to see, since using the Option key in 1Password for Mac as the keyboard shortcut for revealing your password quickly has been a part of 1Password for many years. That's a lot of users who've developed that habit, and not-insignificant cognitive load to change it. I can't say it won't change, but I did want to push back a little on the idea of the Reveal Password keyboard shortcut being a security issue. Another one of the things we've consistently said around here is that security is a process, not a product. That means active involvement from the user, both on a strategic and an everyday level, is the largest factor in ensuring the highest level of security -- but even these definitions are user-specific. Only you can determine what your own threat profile is and what practices make sense to pursue. If you actually are Edward Snowden, for example, then an example of good strategic opsec might include housing your electronics in a TEMPEST-shielded rack mount enclosure, and an example of everyday opsec might be doing this whenever you enter your Master Password:

    For most of the rest of us, a more realistic example of strategic thinking about one's security would be on the order of choosing a good Master Password and not sharing it with anyone -- but writing it down somewhere safe in case you forget it, or saving your Emergency Kit, and an example of everyday involvement in one's own security might consist of not using certain features of critical software in hostile environments, such as where shoulder surfing or video surveillance might be expected. 1Password can certainly be a central hub of a well-thought-out security strategy...but it can't keep you safe 100% of the time under any conditions, regardless of how you choose to use it.

This discussion has been closed.