Lack of classic extension?
It appears 1Password 8 drops support for the classic browser extension (the "desktop app required" one). Is this the case?
1Password Version: 8 early access
Extension Version: N/A
OS Version: macOS 12.0 Beta (21A5294g)
Comments
-
Yeah, seems like now you'll need to use the disconnected 1Password X-based extension. A downgrade, in my opinion.
0 -
Yeah, seems like now you'll need to use the disconnected 1Password X-based extension.
Just so you know, we added desktop app integration to the new 1Password in the browser integration a few months ago, if you would like to try it ;)
0 -
This is still a downgrade in my mind. As many folks on this forum have said, the biggest draw to 1Password for me is the native experience, and this is not that.
0 -
@ag_ana I can't seem to use my Command + \ shortcut though?
0 -
I think you are looking for Shift Command X for 1Password in the browser.
0 -
Extensions in Safari went through a few iterations. The original extensions were removed in Safari 13 and replaced by Safari App Extensions.
Now we have the newer Safari Web Extensions that were introduced at WWDC last year. This is the technology that the new 1Password for Safari is using. This is also the technology that is coming to iOS and iPadOS later this year.
0 -
@ag_tommy I don't think so, the shortcut I use is
Command + \. That's not working for me.I'm also using Firefox, not Safari.
0 -
I don't think so, the shortcut I use is Command + . That's not working for me.
I'm also using Firefox, not Safari.@george_perez Just tried to use ⌘+\ in both Safari and Firefox and it was successful. Is there a chance you have more than one login saved on that website? At the moment, it would only work when there is a single item, we hope to get it fixed soon.
0 -
I see there was an update available now, seems to be working for me. Any chance on clarification why it only works on single-matching items?
0 -
That's a known issue at the moment, @george_perez. The default behavior is to automatically fill your item, rather than opening a menu, but if there are multiple matching items we need to show a menu and that's not wired up yet. We'll get it fixed.
ref: dev/core/core#9376
0 -
I absolutely detest the 'inline' UI. It covers up important fields, and risks a user entering part or all of their master passphrase somewhere else on the form.
Worse, it's only a matter of time before a malicious site takes the next step and pops up a completely fake 1P prompt, captures the passphrase, posts a fake error, and then redirects to the actual site - the user will assume they just entered the passphrase wrong. Having the unlock separate from the data entry fields is a vastly more secure and better user experience.
0 -
Right there - it's only a matter of time before someone either accidentally types in their passphase into the login field, or a malicious actor puts up a fake 1P box that does capture the passphrase right on the page. It shouldn't appear anywhere inside the browser window - needs to be a completely separate UI element (like hitting the toolbar icon).
0 -
The new Safari extension is so slow to load (on the order of three seconds), it’s too frustrating to even give it a fair shake.
0 -
@dougl sorry, I think I'm still confused. There's no password field in the 1Password UI. Are you saying the fact that a 1Password icon is shown will cause someone to just start typing their account password?
Folks who are using this on a regular basis will not be expecting to type a password at all because we never ask them to, so it's not a muscle memory thing. And I have a hard time believing that folks who don't use this UI regularly will just assume they should type their password here.
As for a malicious actor, yeah, that will always be a threat, whether or not we have an inline menu.
@tiltowaitt yeah I think we have some things to work on there. Have you tried Chrome, Firefox, or Brave? I use Brave as a daily driver, and the extension is pretty snappy there.
0 -
@rob I have not. I don’t use those browsers.
0 -
@rob exactly. That in-line prompt will be weaponized at some point so it does show a password prompt, and a substantial minority of users will just think it's an upgrade (how many people still click links in inbound emails after all). It doesn't provide any real utility, causes UI problems when it pops up, and adds risk.
At the very least we need a way to turn it off and just use the toolbar icon.
0 -
That in-line prompt will be weaponized at some point so it does show a password prompt,
I see what you're saying. I just don't see the risk as that much greater than if the thing never existed. Either way people could/would just see it as a new feature. The best we can do is provide a consistent way to actually unlock 1Password so that anything different from that is regarded with suspicion.
At the very least we need a way to turn it off and just use the toolbar icon.
Ah, that you can do, at least partially. In the settings for 1Password in your browser, turn off "Show autofill menu on field focus":
0 -
We'd love to elaborate more but this is something that's been explored internally and isn't quite ready to make the spotlight. If and when it does make it out of the lab, we'll be sure you give you a shout 🤫
0 -
@rob thanks! glad to know that's still there.
And fair point, though users expecting something there is a mental model that makes it easier. I guess I find it unnecessary visual clutter. It often covers up other fields that I need to access, or override (e.g. when a site has changed from username to email, but the update didn't take in 1P).
But since it's disablable, I'm going to do that on my family's machines right now :-)
0 -
Glad to help! 👍
0 -
Hi @rob just opening this one back up a bit. Installed the new plugin on my ipad, and on the very first site I ended up starting to type my passphrase into the actual website login field instead of the unlock. What happened is that when I clicked on the 1password icon in the username field, it popped up the keyboard, but because of the screen layout, all I could see was the one password logo (the 'please unlock from the toolbar' message was hidden by the keyboard). It looked for all the world like the entry field was the 1P field, when it was really the website field. This absolutely will happen repeatedly unless people are very very careful. I know now to always use the toolbar icon, but for safety's sake is there a way to remove the injected 1P icon in the username field itself on iOS?
0 -
Hey @dougl. I appreciate your sharing your experience here, especially with the context of the wording being cut off and only the icon being visible. It's not possible currently to turn off the inline icon on iOS/iPadOS, so I've opened two issues internally for us to track and think about things further: 1, the option to turn off the menu, as is present on desktop; and 2, the inline wording/appearance by default, so we maintain helpful functionality while keeping our users as safe as possible.
ref: dev/core/core#4314
ref: dev/projects/customer-feature-requests#9180
