Block users from revealing the password

Miles2007
Miles2007
Community Member

Hi,

I need to block my team from viewing the password from 1Password or copying the password. Noted an incident where a member shared one of the passwords with a member in another team, who do not have access to this particular vault.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @Miles2007,

    I think our support page How vault permissions are enforced in 1Password accounts may be what you're looking for. If you have any questions please let us know.

  • Miles2007
    Miles2007
    Community Member

    Hi @littlebobbytables ,

    Found a backdoor. Is there any way to close it?

    When the username and password are filled in the browser, right-click on the password field, select 'Inspect', change the field type from 'Password' to 'Text'. Anyone can see the password, and pass it on if they want.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hello @Miles2007,

    The term backdoor is quite a loaded one. The fact is there are and always have been limitations to what we could enforce. It's for this exact reason that I've never been a fan of these kind of permissions, not when the eventual goal is almost always to pass the credentials to something outside of 1Password's control. You're absolutely correct, a motivated person can simply inspect the page and it is fairly trivial to obtain the value stored in a field. Once the extension has filled the fields though any control 1Password had has been passed to the browser.

    If the specific browser allows for any level of enterprise control it may be possible to block any sort of development functionality but I'm afraid we've stepped outside of my current knowledge. What you are needing though is the ability to lock down the browser.

This discussion has been closed.