Android beta exposes TOTP secrets when editing logins that have them

dcormierdcormier
edited April 23 in Android Beta

When editing a login with a TOTP field, the value in that field is exposed. Contrast this with the password field which you have to tap on before it is revealed.

On the Mac app (7.0.BETA-9), this field is protected until selected, like the password field.


1Password Version: 7.0.BETA-5
Extension Version: Not Provided
OS Version: Android 8.1
Sync Type: Not Provided

Comments

  • mverdemverde

    Team Member
    edited April 24

    @dcormier Thanks for pointing this out. I think it makes sense to have the TOTP field obfuscated in edit mode until you move the focus to that text field. It's also better to handle things consistently between the clients apps. With that in mind, I'll have my team look into fixing this.

    ref: OPA-1539

  • I think it makes sense to have the TOTP field obfuscated in edit mode until you move the focus to that text field. It's also better to handle things consistently between the clients apps.

    That was my thinking, too.

    With that in mind, I'll have my team look into fixing this.

    Thanks! That's what I was hoping for.

  • brentybrenty

    Team Member

    :) :+1:

  • mverdemverde

    Team Member

    @dcormier I'm happy to say that we addressed this issue when we completed the redesign of the item detail screen. That was a little while ago, but I came across this thread today and wanted to be sure to update you. If you're on the latest beta, you should see the TOTP secret concealed in edit mode, unless the focus is on that particular field. Thanks for reporting the issue!

  • Thanks for letting me know, @mverde!

  • periperi

    Team Member

    :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file