iOS 15 extension feedback
Just a quick bit of feedback from the latest release!
Edit: I’m on an iPhone. I’m sure this update for an iPad is exceptional.
Positives:
sites with multiple logins are now an absolute breeze to handle
Changing passwords, especially using smart passwords is much easier and now really intuitive. I’ve changed a few passwords just to test it out in a matter of minutes!
Negatives:
Unlocking the extension is not a great experience. Took me a little while to realise you have to click “Aa”, press 1password, biometrics, then continue. I don’t know the technicalities but can you not click the locked 1password icon in the input field to prompt an unlock? Similar to macOS?
Nit picking here, but when my device is on dark mode, safari obviously doesn’t set the background to dark, but the 1password extension mirrors the current system setting. So you end up having safari in “light mode” and the extension pop up in dark mode.
I set my 1password previously to require a Face ID / master password to fill any password. In case my devices passcode was compromised (otherwise a failed biometric would allow the device passcode to auto fill). Is there anything in the pipeline to enable a similar setup with the extension? I’d much rather have the option to authenticate with Face ID / master password for every initial auto fill. I also have auto lock on my phone disabled so authenticating every login rather than being unlocked for x amount of time of inactivity is better for me.
For sites with multiple logins, if you selected the wrong one, clicking the 1password icon in the input field does nothing, doesn’t pop the account selector back up again.
Edit: It does, but only if the keyboard is visible and you long press the 1password icon. Not great.
Other:
- Now the extension in enabled, do we disable the auto fill in settings, passwords, auto fill? Now the in line menu appears with accounts as well as the ribbon(?) above the keyboard. I don’t know if this messes with auto fill in apps rather than safari.
I’m sure there’s more positives! I just haven’t come across them yet. Great work though 😃
Comments
-
First impression: this Mobile Safari extension is awesome!
0 -
Hi folks!
So glad to hear you're playing with and largely enjoying the new extension. :)
Unlocking the extension is not a great experience. Took me a little while to realise you have to click “Aa”, press 1password, biometrics, then continue. I don’t know the technicalities but can you not click the locked 1password icon in the input field to prompt an unlock? Similar to macOS?
The experience here is a little better on iPad because the 1Password icon can remain in the address bar, resulting in one less tap. That said we intentionally do not show the Master Password prompt as a direct result of clicking on the inline menu (the icon within input fields) on any platform. There are security motivations behind this — specifically if we did do this people could become accustom to entering their Master Password as a result of interacting with an in-page element on 3rd party websites. As such unlocking is always handled outside of the page.
Nit picking here, but when my device is on dark mode, safari obviously doesn’t set the background to dark, but the 1password extension mirrors the current system setting. So you end up having safari in “light mode” and the extension pop up in dark mode.
I'm not entirely sure I follow here. Which background are we talking about? Safari appears to be in dark mode for me with the system set to dark mode, even when interacting with the 1Password extension.
I set my 1password previously to require a Face ID / master password to fill any password. In case my devices passcode was compromised (otherwise a failed biometric would allow the device passcode to auto fill). Is there anything in the pipeline to enable a similar setup with the extension? I’d much rather have the option to authenticate with Face ID / master password for every initial auto fill. I also have auto lock on my phone disabled so authenticating every login rather than being unlocked for x amount of time of inactivity is better for me.
I'm checking with our development team to see if we have access to the system lock status from the web extension. Initial thoughts were that we don't, but I'm trying to get further info. Beyond that, the only other option I'm aware of for this case would be to manually lock the extension after each use. This can be done from the menu at the top right.
For sites with multiple logins, if you selected the wrong one, clicking the 1password icon in the input field does nothing, doesn’t pop the account selector back up again.
Edit: It does, but only if the keyboard is visible and you long press the 1password icon. Not great.That's an interesting one. Will let the dev team know. :)
Now the extension in enabled, do we disable the auto fill in settings, passwords, auto fill? Now the in line menu appears with accounts as well as the ribbon(?) above the keyboard. I don’t know if this messes with auto fill in apps rather than safari.
Personally I won't be disabling Password AutoFill because it'll still be useful in non-Safari apps. I suspect I won't really use it within Safari, though.
Ben
0 -
I like the new extension but geez it is cumbersome to open - is there not anyway it can sync with the App and have its lock status associated with the App? i.e. if the App is locked so is the extension, and if the App is unlocked so is the extension?
Alternatively allowing Biometrics by default to unlock it instead of requiring a password would be handy.
Finally understand the point about the security concerns of just entering your master password every time you interact with a page element - but is there any way to get a pop up or some sort of notification to alert the user that the extension is still locked?
I think the current situation is fine for people that know what they're doing with 1P but for novices its going to be hard and I suspect they'll just rely on the Auto Fill status rather than the extension (which would be a shame).
0 -
Just adding to this - with the extension on Safari for iPadOS there seems to be no way to bring up the extension settings - you click on the account icon - click settings and then it opens a new blank tab.
0 -
I set my 1password previously to require a Face ID / master password to fill any password. In case my devices passcode was compromised (otherwise a failed biometric would allow the device passcode to auto fill). Is there anything in the pipeline to enable a similar setup with the extension? I’d much rather have the option to authenticate with Face ID / master password for every initial auto fill. I also have auto lock on my phone disabled so authenticating every login rather than being unlocked for x amount of time of inactivity is better for me.
I think the extension is a wonderful step forward but I have to agree with this feedback and I don’t think it’s a case of wanting to be overly secure.
I can’t believe I’m phrasing this as a user story but…
As a parent, I want to require Face ID for every auto fill, so that my child cannot login to my bank website when I give them my iPad.
0 -
I'm not entirely sure I follow here. Which background are we talking about? Safari appears to be in dark mode for me with the system set to dark mode, even when interacting with the 1Password extension.
Apologies I don't know how to resize the image. But safari in dark mode doesn't change the background colour of many sites to dark. But the extension is. Like I said, minor niggle.
The experience here is a little better on iPad because the 1Password icon can remain in the address bar, resulting in one less tap.
On the iPhone to unlock can be 5 steps! 1 tap at the bottom to show the menu bar, then Aa, 1password, biometric button, continue. This surely can be better, someone less techy would not use this on the iPhone. on macOS, if 1password is locked and you click an input field, it says "open 1password" which prompts an unlock. Like I said, I don't know the technicalities to whether this is an option on iOS.
Beyond that, the only other option I'm aware of for this case would be to manually lock the extension after each use.
This could be a workaround for those who like 1password authentication (biometric/ master password) for every autofill rather than iOS autofill (passcode/biomtric) IF unlocking the extension wasn't so janky.
0 -
Again, only if the keyboard is present and you long press the 1password icon is does provide a pop up but asks you to open it through the toolbar icon.
Could this say unlock?
0 -
I think the new extension and the functionality it provides looks fantastic, but I’m probably not going to end up using it all that much because the unlocking workflow is quite poor and requires too many steps. For proxy of already stored passwords, the old approach seems much better currently assuming you aren’t happy to leave your vault unlocked for extended periods of time.
I’ll leave the extension enabled for those times I want to generate a new password with non default rules, but for every day login unfortunately not having Face ID for each login, and having to go through multiple steps to do an unlocks, just too big a hassle. The old implementation flows so well.
Hopefully this can be addressed and it’s not just an iOS limitation, as the actual controls quite good.
I’d also like to be able to select particular vaults to match passwords from rather than the filtering applying to accounts.
0 -
Tl;dr for this thread,
Fix the 5 step unlock on iPhone
Enable Face ID authentication for each login
Edit: for me this implementation isn’t an issue on macOS, as you have support to switch user or switch to guest if someone else was using your computer. This isn’t an option on iOS right now if some has access to you iPhone, through being trusted or someone knowing your passcode.
And unlocking the extension in macOS isn’t a hassle.
The extra steps and less secure login means many users won’t use this feature, which is a shame, as this has so much potential.
Edit: in its current form, I wont use the extension, i would rather use the auto fill, that authenticates through 1password, using Face ID or master password0
