Stored credit card numbers are susceptible to being accidentally shared

HingleMcCringleberry
HingleMcCringleberry
Community Member

I'm really annoyed that I accidentally broadcasted my credit card number while sharing my screen in a meeting because of 1Password. Why aren't credit card numbers concealed like passwords? What further doesn't make sense is that the number is partially concealed in the list of items in the left column, but in the detail view on the right the number displayed in full.

By default, credit card items are suggested for autofill if there's no saved login for a site. That's great for when I'm filling out an order form on a site where I don't have an account yet and I'm expecting to be filling out sensitive information. That's awful when I think I have a login saved for a site and I'm sharing my screen or if someone is shoulder surfing.

As a work around, I can store the number as a custom password field, but in doing so I've realized that breaks 1Password's autofill feature.

Requests to make the credit card number field concealed have been put in as early as 2010. Can we get some momentum going on this request?

https://discussions.agilebits.com/discussion/772/suggestion-hide-credit-card-numbers-not-just-verification-numbers
https://discussions.agilebits.com/discussion/69497/masking-credit-card-number-like-a-password
https://discussions.agilebits.com/discussion/88341/is-it-possible-to-make-the-credit-card-numbers-be-hidden-like-the-verification-numbers-are
https://discussions.agilebits.com/discussion/110518/suggestion-conceal-credit-card-numbers-when-viewing-the-card-details
https://discussions.agilebits.com/discussion/109451/credit-card-info-visible-in-mac-and-ios


1Password Version: 7.4.3
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • @HingleMcCringleberry

    Thanks for the feedback. This is still on our radar.

  • jiru
    jiru
    Community Member
    edited May 2020

    @ag_tommy
    Is this still on the the radar, as it's quite a problem. The only solution is quite literally to not use 1Password.

    Edit: Maybe a quick solution to stop the bleeding is to not show credit cards as a suggestion for a website login. If you think about it, when has a credit card number/expiry ever been a useful suggestion for a website login.

  • Hi @jiru,

    We do have it filed as a feature request, and are tracking the feedback we receive about it. It isn't something that is actively being worked on at this point, though. I have added your comment to the request.

    ref: dev/projects/customer-feature-requests#59

    Edit: Maybe a quick solution to stop the bleeding is to not show credit cards as a suggestion for a website login. If you think about it, when has a credit card number/expiry ever been a useful suggestion for a website login.

    1Password X doesn't differentiate between login forms and e-commerce forms, so you'll see items that are applicable to either on either for now. That is something we're hoping to improve upon in the future.

    ref: dev/core/core#1261

    In the meantime the best I could suggest would be to not open 1Password while sharing your screen, which may be the prudent course even if both of these things are implemented.

    Ben

  • jiru
    jiru
    Community Member

    to not open 1Password

    The only solution is to not use 1Password. Confirmed.

    As a side note, I understand development takes time, but this is a widely known issue. It should probably be passed up the chain of command that the official answer is simply "don't use our product." Not a comforting thing to hear, as a member of the 1Password community/userbase for almost a decade.

  • Understood, @jiru. Thanks. :)

    Ben

This discussion has been closed.