Credit Card item has password generation on the PIN field

lilyball
lilyball
Community Member

I have an old Credit Card item that I was updating today. I noticed I never entered my PIN, so I filled in the PIN field. Upon saving, I was quite surprised to see that it labelled that field as "Weak". When going back into editing, I also noticed that it offered a gear button, and pressing that button immediately overwrite my PIN with a generated password.

After switching to another entry and back, the "Weak" label was gone, but editing it still gives me the password generation for the PIN field.

If I create a brand new Credit Card item, I don't see the password generation option for the PIN field.


1Password Version: 7.2.5.BETA-1 (70205001)
Extension Version: Not Provided
OS Version: macOS 10.14.2 (18C54)
Sync Type: Teams

Comments

  • Lars
    Lars
    1Password Alumni

    @lilyball -

    If I create a brand new Credit Card item, I don't see the password generation option for the PIN field.

    hmmmm, that's quite odd. I just created a test credit card item in my own account and had the usual, expected behavior. The PIN field has always been a password field, since that's the only field-type that we obfuscate by default. It's something we've always had a notion to alter - maybe create a dedicated PIN field-type - but it's always been on the "someday, maybe" list for us, since the current setup works pretty well, if not perfectly.

  • lilyball
    lilyball
    Community Member

    I have 2 credit card items in my account right now. One shows the password generation for PIN, one doesn't. I just copied the JSON for both and they're different.

    The broken one says

    { "k": "concealed", "n": "pin", "v": "1234", "t": "PIN" }

    The correct one says

    { "k": "concealed", "n": "pin", "v": "‪‬1234", "t": "PIN", "a": { "generate": "off" } }

    Incidentally, 1Password on iOS seems to ignore this and shows the password generation options for both.

  • Hi @lilyball,

    That's certainly not right, so we'll want to see if we can track down some more information about how that item was created. Do you happen to know its origins? was it imported from outside of 1Password? created with 1Password for Mac, iOS, Windows, Android? if it was a recent creation and to a 1Password.com account its possible to tell what platform the item was created on, if that's the case we'd want to take that conversation to email.

    Given that you've gone and traced the JSON you have probably already figured out how to create a repaired copy of the broken one.

    Super weird that 1Password iOS doesn't listen to that setting. I'll get that added.

  • lilyball
    lilyball
    Community Member

    I don't know what platform it was created on. I do know the broken one says it was created May 16, 2016, and the working one says it was created Oct 14, 2014.

    Incidentally, if I create a Credit Card item on iOS and then copy the JSON on macOS I get

    { "k": "concealed", "a": { "generate": "off" }, "n": "pin", "t": "PIN", "inputTraits": { "keyboard": "NumberPad" }, "v": "1234" }

    So this turns off generation as well (even though iOS ignores that), but it also has this inputTraits key that the others don't. Creating a brand new Credit Card item on macOS also has this new inputTraits key.

    Which is to say, both existing items are still broken in a sense, because they both are missing this new inputTraits key which I assume affects iOS. That said, in testing, the iOS app actually seems to be ignoring this, because editing the PIN field gives me the normal keyboard. Oops.

  • rudy
    edited January 2019

    @lilyball,

    Thanks for finding those. Barring review delays those changes should be in a future beta/release. I don't want to say the next beta, because we're on a boat right now.

    inputTraits is really only used by the iOS version in order to inform what kind of keyboard input settings to apply to the field. So the Mac version definitely sets those so that when viewing that item on iOS it does the right thing. The problem there was that the concealed field was being treated differently and not having those traits applied to the field.

This discussion has been closed.