Stored credit card numbers are susceptible to being accidentally shared
I'm really annoyed that I accidentally broadcasted my credit card number while sharing my screen in a meeting because of 1Password. Why aren't credit card numbers concealed like passwords? What further doesn't make sense is that the number is partially concealed in the list of items in the left column, but in the detail view on the right the number displayed in full.
By default, credit card items are suggested for autofill if there's no saved login for a site. That's great for when I'm filling out an order form on a site where I don't have an account yet and I'm expecting to be filling out sensitive information. That's awful when I think I have a login saved for a site and I'm sharing my screen or if someone is shoulder surfing.
As a work around, I can store the number as a custom password field, but in doing so I've realized that breaks 1Password's autofill feature.
Requests to make the credit card number field concealed have been put in as early as 2010. Can we get some momentum going on this request?
https://discussions.agilebits.com/discussion/772/suggestion-hide-credit-card-numbers-not-just-verification-numbers
https://discussions.agilebits.com/discussion/69497/masking-credit-card-number-like-a-password
https://discussions.agilebits.com/discussion/88341/is-it-possible-to-make-the-credit-card-numbers-be-hidden-like-the-verification-numbers-are
https://discussions.agilebits.com/discussion/110518/suggestion-conceal-credit-card-numbers-when-viewing-the-card-details
https://discussions.agilebits.com/discussion/109451/credit-card-info-visible-in-mac-and-ios
1Password Version: 7.4.3
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Thanks for the feedback. This is still on our radar.
0 -
@ag_tommy
Is this still on the the radar, as it's quite a problem. The only solution is quite literally to not use 1Password.Edit: Maybe a quick solution to stop the bleeding is to not show credit cards as a suggestion for a website login. If you think about it, when has a credit card number/expiry ever been a useful suggestion for a website login.
0 -
Hi @jiru,
We do have it filed as a feature request, and are tracking the feedback we receive about it. It isn't something that is actively being worked on at this point, though. I have added your comment to the request.
ref: dev/projects/customer-feature-requests#59
Edit: Maybe a quick solution to stop the bleeding is to not show credit cards as a suggestion for a website login. If you think about it, when has a credit card number/expiry ever been a useful suggestion for a website login.
1Password X doesn't differentiate between login forms and e-commerce forms, so you'll see items that are applicable to either on either for now. That is something we're hoping to improve upon in the future.
ref: dev/core/core#1261
In the meantime the best I could suggest would be to not open 1Password while sharing your screen, which may be the prudent course even if both of these things are implemented.
Ben
0 -
to not open 1Password
The only solution is to not use 1Password. Confirmed.
As a side note, I understand development takes time, but this is a widely known issue. It should probably be passed up the chain of command that the official answer is simply "don't use our product." Not a comforting thing to hear, as a member of the 1Password community/userbase for almost a decade.
0
