Request: More flexible selection when looking up logins from an app
Use case: A third-party login prompt from inside an app. 1Password only shows the login of the app, but doesn't allow a way to retrieve the third-party login.
Example: Using a money-management app, you can link a bank or credit card. To do that, you log in using your bank credentials. When I tap 1password from the keyboard, it only shows the money-management app login.
I don't mind it defaulting to it as an assumption, but would like some way to back out of that into a more general list.
Details: I have iOS default to 1password for keyboard password retrieval instead of the system default.
(Sorry if this was a double-post, wasn't sure how to look up this particular topic)
1Password Version: 7.3.6
Extension Version: Not Provided
OS Version: iOS 12.4
Sync Type: 1password cloud
Comments
-
Hello @phonghtran,
You're right that currently 1Password for iOS does not allow for searching of arbitrary Login items when an app provides an associated domain. The reason is we only ever want to present items that legitimately are allowed to fill. This is our primary barrier to protect against phishing attempts. In 1Password for Mac and Windows you can search in 1Password mini but that is because on those platforms we can perform what we call open-and-fill where we open the stored URL and then fill with the Login item. That isn't possible on iOS so we removed the search option.
My concern here is the use case is very narrow but what if we're opening up the users to a risk of being phished that 1Password previously protected against?
If you trust the app/site/service you could add its URL to your bank items so they appear as a match. Otherwise you will be limited to copy and paste, switching between 1Password for iOS and the other app.
I do appreciate from a usability perspective why this would seem like a nice idea but I do have concerns from the security side and if the two butt up against each other we will favour security. I hope you understand why given the sensitivity of the data we all put in 1Password.
0 -
LastPass has this feature. It shows the URL it's searching for at the top and you can clear the URL and search for your own. This is my primary use case for iOS 1password. I really like 1password, but this is annoying enough to have me considering switching back to LastPass. Is there some way this can be a toggle with a scary warning or something?
Thanks!
EDIT: this would also help solve the issue with some apps not providing an appropriate URL (page.click instead of the website URL for example).
0 -
While "LastPass does it" will never be reason enough to do or not do something in 1Password, we are evaluating how we can best remove friction from these sorts of situations while still providing messaging about the potential for phishing. :) I don't have anything more concrete than that to share at this point, but it is something that is on our minds.
Ben
0 -
I see this was recently implemented. Great!
0 -
Yes indeed. :) We wanted to alleviate some of the difficulty this problem was causing without impacting the security of 1Password's filling (hence the warning when doing so). Fortunately I think we were able to strike a reasonable balance and hopefully this will be smoother going forward. :+1:
Ben
0