Documents download handling
In 1Password 7, viewing a document downloaded it to a temporary folder where it could be viewed using Quick Look in 1Password or revealed in Finder. Currently it seems that 1Password 8 only supports downloading a document to the default downloads folder. Can we have the behavior where documents get downloaded to a temporary folder and deleted when we're done interacting with it in 1Password 8? My current concern is the decrypted and downloaded file being caught in one of my regularly scheduled backups. If it were in a temporary directory I (or perhaps 1Password?) could mark that directory to be ignored for backups.
It'd be even better if there could be a proxy icon of the decrypted document displayed in 1Password so we could double click to open or drag and drop directly from the 1Password window.
1Password Version: 8
Extension Version: Not Provided
OS Version: macOS 11.5
Comments
-
I completely agree. While the current behaviour of
Download
on a document should be part of a dropdown option, this is a regression against 1Password 7. Additionally, the ability to see documents in a quick-look or preview mechanism the way that can be done in 1Password 7 is missing.On macOS:
- Download should be to a temporary folder by default to enable QuickLook (missing entirely) or in-pane view (missing entirely).
- Having a
Download To…
orSave As…
option for the document, or a proxy icon (best idea, IMO) would make a lot of sense as well.
I consider both of these regressions to 1Password 7.
1 -
I think we should be able to view the document inside 1Password. There's no reason not to as far as I can tell.
1 -
In 1Password 7, one can use QuickLook to view attached documents, which is incredibly handy.
1 -
Bump
Any input from the 1Password team about how the 1Password 8 macOS app handles documents? Are any of the above suggestions planned? Or is document handling a non-priority?
While I do store documents like text files and images in 1Password that I very occasionally refer to, my most common use case is storing keyfiles in 1Password. For these, all I really need is to decrypt, drag and drop to some file field (e.g. file upload in a web interface to my local NAS), then delete when done. Having to juggle 1Password, Finder, and the app where the file is needed kind of sucks and it'd be better if this could all be done while only needing to interact with 1Password (main window) and the other app.
0 -
Hello? tap tap Is this thing on?
Sorry for the multiple comments, but this is an important use case to me and I'm not sure if this topic is just being ignored.
0 -
@Ben tagging you, because I know you respond...
I just ran into this issue. I previously complained about not being able to preview attachments, but didn't realize that it is downloading them to my downloads folder where they can happily sit, unencrypted until my Hazel script moves them to the trash.
This is not an acceptable flow. As mentioned above, loading into a temp folder and then deleting is what should be happening if it can't be loaded into an encrypted space.
0 -
Hi folks,
I apologize for the delayed reply. We're digesting all of the feedback posted here and will try to reply to every thread we can, especially where we can add value.
As it stands, for the initial release of 1Password 8, the current behavior is what we expect to ship. For Quick Look there are complications regarding expectations about what happens to previewed files when the app locks, as well as the possibility of data loss if one believes the files can edited on disk. To simplify the situation we settled on the "Download" behavior that you see now.
These same questions / problems exist in 1Password 7 for Mac. We have implemented various mitigations for them there, but we decided to simplify things for the initial launch of v8 and will take another look based on feedback received and potential mitigations in the future.
I have added this thread to our internal discussion on the subject. Thank you all for your input.
Ben
ref: dev/core/core#8252
0 -
I understand the perception. I would argue that in some ways the behavior in 1Password 8 makes it more clear, particular to those less technically-savvy, that files have to be decrypted (taken outside of 1Password) in order to be viewed. That was true in previous versions as well, but that fact was obfuscated. In 1Password 7 we had automated processes to clean up decrypted files when the app locked — some of the mitigations I mentioned above — but there were opportunities for those to fail and leave decrypted data laying around essentially invisible to the end user. These would be rare edge cases, such as the app crashing before it could clean up, but still a potential for the experience to not match the expectation. It was felt that at least for this initial implementation making it clear what data is decrypted, by having it visible in the Downloads folder, was a sensible choice.
This is something we’d like to take a closer look at after the first stable release, but at this time the plan is to proceed with the current implementation. And as always, we'd recommend enabling FileVault 2 / full disk encryption as an additional layer of protection against these types of concerns.
Ben
0 -
My
~/Downloads
folder is synced to iCloud.The currently implemented feature leaks sensitive data.
This is a BAD implementation decision.
1 -
There should at least be the option for users to specify a download folder rather than defaulting to the user's download folder.
0 -
+1 for this suggestion! I also submitted a request for this.
0 -
Hi folks! While as @ben said, any potential changes may have to wait until after the
Stable
release, I have filed your requests for more download options and different download handling with our developers, so that this can be considered by the team in course. Thanks for taking the time to share with us what you think would work best. 👍ref: dev/projects/customer-feature-requests/#898
0 -
Until this is resolved, I will be recommending against upgrading to 1Password 8, as this is a real reduction in security.
0 -
I was about to start a new thread but luckily I found this one.
As mentioned above the data security leak caused by 1PW8 is just unacceptable, I have just realised that a document I 'viewed' has been copied up to backBlaze, added to Time Machine and my regular Carbon Copy clone - I know these backup are in themselves encrypted but that is not the point. I now need to take positive action to remove the document from each of these backups. I should not have to do this.
I already have a 'do not backup' folder on my iMac which, funnily is not backed up. It was there originally for when I have some large transient documents that just do not need to clog my backups but I do also occasionally use it for sensitive files.
As a minimum I think 1PW8 needs an urgent patch to allow me to specify the default download folder.
I am off to consider downgrading to 1PW7 for the time being.
Thank you for your help.
1 -
Hi @iwaddo, thank you for sharing this with us.
While I don't have anything definite to share on this yet, we are considering how document download handling might be done in future versions of 1Password. We do take the security implications of this feature seriously, and are looking at how to implement this in a user-friendly way that mitigates security and privacy concerns under a number of different scenarios. Thanks for contributing to the discussion here!
ref: dev/core/core#10857
0 -
So I do have a rather clunky workaround.
Steps
1. Rename all the documents in 1P with an identifier, for example add 1P- as a prefix
2. Use a Folder Action to watch the Downloads folder and then move the downloaded document to a folder that I've excluded from all my backupsAfter the move
- I can create a Notification
- open the folder in Finder
- create a Saved Search Query to my Finder Sidebar to help me check whether I've still any downloaded secure documents
The options are probably endless, you can do whatever takes your fancy.
0 -
This content has been removed.
-
On my iMac it was easier to use Automator, I've pasted it below. Happy to answer any questions about it and great to hear if anyone can think of any enhancements. I did also setup a Smart Search in Finder as an easy way to check.
To be honest this is probably overkill for a relatively minor security issue but it has been a bit of fun to do and has given me inspiration for a file based task that is a bit repetitive I can probably now automate :-)
0 -
Using a separate solution that requires that we rename our documents and configure the system differently is not a solution at all. It is incumbent on 1Password to remedy this security regression correctly. The default download should be to a temporary location (erased when 1Password locks) and there should be an option to "Save As…" to a different location. Anything else is by definition less secure. I’m not even sure why this was done this badly in the first place, given the company’s general reputation and stance on security (this never should have passed by the Dark Arts).
0