iOS 15 extension feedback

First impression: this Mobile Safari extension is awesome!

Hi folks!

So glad to hear you're playing with and largely enjoying the new extension. :)

Unlocking the extension is not a great experience. Took me a little while to realise you have to click “Aa”, press 1password, biometrics, then continue. I don’t know the technicalities but can you not click the locked 1password icon in the input field to prompt an unlock? Similar to macOS?

The experience here is a little better on iPad because the 1Password icon can remain in the address bar, resulting in one less tap. That said we intentionally do not show the Master Password prompt as a direct result of clicking on the inline menu (the icon within input fields) on any platform. There are security motivations behind this — specifically if we did do this people could become accustom to entering their Master Password as a result of interacting with an in-page element on 3rd party websites. As such unlocking is always handled outside of the page.

Nit picking here, but when my device is on dark mode, safari obviously doesn’t set the background to dark, but the 1password extension mirrors the current system setting. So you end up having safari in “light mode” and the extension pop up in dark mode.

I'm not entirely sure I follow here. Which background are we talking about? Safari appears to be in dark mode for me with the system set to dark mode, even when interacting with the 1Password extension.

I set my 1password previously to require a Face ID / master password to fill any password. In case my devices passcode was compromised (otherwise a failed biometric would allow the device passcode to auto fill). Is there anything in the pipeline to enable a similar setup with the extension? I’d much rather have the option to authenticate with Face ID / master password for every initial auto fill. I also have auto lock on my phone disabled so authenticating every login rather than being unlocked for x amount of time of inactivity is better for me.

I'm checking with our development team to see if we have access to the system lock status from the web extension. Initial thoughts were that we don't, but I'm trying to get further info. Beyond that, the only other option I'm aware of for this case would be to manually lock the extension after each use. This can be done from the menu at the top right.

For sites with multiple logins, if you selected the wrong one, clicking the 1password icon in the input field does nothing, doesn’t pop the account selector back up again.
Edit: It does, but only if the keyboard is visible and you long press the 1password icon. Not great.

That's an interesting one. Will let the dev team know. :)

Now the extension in enabled, do we disable the auto fill in settings, passwords, auto fill? Now the in line menu appears with accounts as well as the ribbon(?) above the keyboard. I don’t know if this messes with auto fill in apps rather than safari.

Personally I won't be disabling Password AutoFill because it'll still be useful in non-Safari apps. I suspect I won't really use it within Safari, though.

Ben

1P_Ben

I like the new extension but geez it is cumbersome to open - is there not anyway it can sync with the App and have its lock status associated with the App? i.e. if the App is locked so is the extension, and if the App is unlocked so is the extension?

Alternatively allowing Biometrics by default to unlock it instead of requiring a password would be handy.

Finally understand the point about the security concerns of just entering your master password every time you interact with a page element - but is there any way to get a pop up or some sort of notification to alert the user that the extension is still locked?

I think the current situation is fine for people that know what they're doing with 1P but for novices its going to be hard and I suspect they'll just rely on the Auto Fill status rather than the extension (which would be a shame).

Just adding to this - with the extension on Safari for iPadOS there seems to be no way to bring up the extension settings - you click on the account icon - click settings and then it opens a new blank tab.

1P_Ben

I set my 1password previously to require a Face ID / master password to fill any password. In case my devices passcode was compromised (otherwise a failed biometric would allow the device passcode to auto fill). Is there anything in the pipeline to enable a similar setup with the extension? I’d much rather have the option to authenticate with Face ID / master password for every initial auto fill. I also have auto lock on my phone disabled so authenticating every login rather than being unlocked for x amount of time of inactivity is better for me.

I think the extension is a wonderful step forward but I have to agree with this feedback and I don’t think it’s a case of wanting to be overly secure.

I can’t believe I’m phrasing this as a user story but…

As a parent, I want to require Face ID for every auto fill, so that my child cannot login to my bank website when I give them my iPad.

Is it just me or is FaceID slow and glitchy with the Safari Extension? My FaceID works fine everywhere else but with the extension it often hangs or fails.

1P_Ben

I'm not entirely sure I follow here. Which background are we talking about? Safari appears to be in dark mode for me with the system set to dark mode, even when interacting with the 1Password extension.

Apologies I don't know how to resize the image. But safari in dark mode doesn't change the background colour of many sites to dark. But the extension is. Like I said, minor niggle.

The experience here is a little better on iPad because the 1Password icon can remain in the address bar, resulting in one less tap.

On the iPhone to unlock can be 5 steps! 1 tap at the bottom to show the menu bar, then Aa, 1password, biometric button, continue. This surely can be better, someone less techy would not use this on the iPhone. on macOS, if 1password is locked and you click an input field, it says "open 1password" which prompts an unlock. Like I said, I don't know the technicalities to whether this is an option on iOS.

Beyond that, the only other option I'm aware of for this case would be to manually lock the extension after each use.

This could be a workaround for those who like 1password authentication (biometric/ master password) for every autofill rather than iOS autofill (passcode/biomtric) IF unlocking the extension wasn't so janky.

Again, only if the keyboard is present and you long press the 1password icon is does provide a pop up but asks you to open it through the toolbar icon.

Could this say unlock?

My first impression: doesn't work with standalone vaults, that kinda sucks.
My second impression: the old autofill feature has been drastically diminished now with the new extension. F*ck that.

I've been a loyal 1P user for a good decade, but I refused to upload all of my passwords to 1P.com. There is no technical reason why this new extension doesn't support local vaults, there is no good reason to gimp the previous autofill capabilities, and there is no forgivable reason for pushing this update out without warning local vault users first.

The 1P team promised on multiple occasions that 1P7 would continue to support local vaults, and that 1P8 would be an entirely new app on the App Store (thus 1P7 users wouldn't be forced to upgrade to 1P8). The decision to update 1P7 on iOS with a new feature that specifically doesn't support local vaults is a huge slap in the face. And because this update is to 1P7, users are forced to update to it. It would be one thing if the new extension didn't result in the removal of other features (like the form share sheet), it's an entirely other thing to remove features and essentially punish your local vault users.

I'm beyond distraught at AgileBits as you have taken to outright lying to your user base. I really have no idea what happened to the team at Agile Bits

I think the new extension and the functionality it provides looks fantastic, but I’m probably not going to end up using it all that much because the unlocking workflow is quite poor and requires too many steps. For proxy of already stored passwords, the old approach seems much better currently assuming you aren’t happy to leave your vault unlocked for extended periods of time.

I’ll leave the extension enabled for those times I want to generate a new password with non default rules, but for every day login unfortunately not having Face ID for each login, and having to go through multiple steps to do an unlocks, just too big a hassle. The old implementation flows so well.

Hopefully this can be addressed and it’s not just an iOS limitation, as the actual controls quite good.

I’d also like to be able to select particular vaults to match passwords from rather than the filtering applying to accounts.