Hidden password generation
Is there a way to generate the password for a login without ever showing it on the screen?
I cannot find a reason to show the generated password. But with all the cameras in public places I don't feel comfortable having the password on the screen even if it is only for a short time. Someone could easily pause the recording and read the password.
1Password Version: 7.3.712
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Generate password hidden
Comments
-
If ever we could ensure a perfect password that fits the site's or app's requirements every single time without fail, @renklus, perhaps we'd be able to do something like this. As it stands, though, every site has different password rules and restrictions and while some of these can be enforced within the generator, like password length and using symbols/digits or not, not all of them can and generating a password the site won't accept is still a risk we have to address. In addition, there are sites where you can neither paste nor fill the generated password making it sadly necessary to type the thing out yourself. These have certainly reached a point where they're the exception, not the rule, but it's enough of a problem that our primary goal when making improvements to the password generator is to improve upon this very issue.
While this is certainly a risk, it's also an extremely small one. Any threat from a password briefly visible on your screen being captured in this manner would require that there's a camera positioned properly to capture that password, that someone with access to that footage targets you personally, and that gaining access to your account is important enough to them to take on some fairly substantial risks of their own by accessing that footage for this purpose in the first place. Targeted attacks on individuals are themselves exceedingly uncommon. Certain categories of people do need to worry about these risks – take dissidents in countries where dissent is less tolerated, journalists covering issues important to state actors, and members of governments as just a few examples – but the vast majority of us will never see any attacker target us personally. To the extent we're targeted at all, the greater risks are attacks that cast a purposefully wide next, like phishing attacks or blackmail scams, not something so complex as pulling a password from video footage.
With that said, we all have different threat models and while 1Password isn't going to (and can't) protect you from every threat that might concern you. Despite that, it's a far sight better than creating passwords yourself and typing every time. In that case, your passwords are likely to be more guessable in the first place and watching your fingers is going to provide a far easier means of capturing that password than the short period of an extremely long and random generated password being on your screen will. We certainly appreciate your feedback and I'll be sure to pass it along to the team, but for now your best bet is to take whatever precautions you feel are necessary to protect yourself. Sit with your back against a wall so your screen is more likely to face a blind spot for cameras, or generate passwords on a mobile device where hiding your screen entirely is more practical. And, if concealing generated passwords is an option that's practical for us at any point, we'll certainly consider adding it in a future update. :+1:
0