Automatically signin for windows 10 with 7.7.819 does not work. +Wordpress Admin Issue

This is a show stopper feature for my... the option "Automatically sign in after filling the username and passwords" is already checked in the app but when I click on the link in the APP or the chrome browser (1password), it just stops by auto filling the credentials and does NOT automatically sign in. on the individual login, i have enabled "Always submit". Not sure what other settings to tweak to get this to working on windows. I have read how on IOS this feature is no longer in action but what about windows?

Just for test, I installed demo of your robo forms and found that auto-signin working... Love 1 password but need the automatically signing option as provided by the competitors

Second question i have is that due to non signing in automatically, on the WordPress admin site, there is a view password icon (Default to WordPress admin page credentials). Since the credentials are already input on the page when clicked on 1password and not auto-signing, one can click on he eye icon to view the password and copy paste. This is for a shared machine... Is there an option to hide the password view through 1-password?

Any help is greatly appreciated.


1Password Version: 7.7.819
Extension Version: Not Provided
OS Version: Windows 10

Comments

  • Jack.P_1P
    edited September 2021

    Hi @kashif1:

    Regarding auto-submit, I'm not aware of any plans in this regard, and as such I'm fairly confident auto submit is not making a return in the foreseeable future. If there were to be a shift in the landscape, we could re-evaluate based on that.

    In a use case of a shared machine, there's less that can be done. We do recommend each user use their own individual user account for a device.

    Web sites with password visibility options are something controlled by the site. Additionally, password visibility is a visual change, rather than actually obfuscating the password. Someone who was suitably motivated could still see the password itself, whether or not it's censored as "●●●●●".

    Jack

  • kashif1
    kashif1
    Community Member

    Hi @jack.platten ,
    Thanks for replying back. Another quick question is Least permission for client is "View and Copy Passwords: view concealed passwords and copy them to the clipboard" <== Is there an option in any of the plans to JUST launch the URL and NOT see the password. I tested robo and also bitwarden then have this capability that username is viewed but password is showing as ●●●●● both int the windows client as well as browser extension and there is no way to view the password and copy it to the clipboard.
    Can I achieve this part with 1password? Basically I am looking for certain users just to launch the URL without the ability to conceal the password either int he browser or the windows app. Then if the browser itself has an unmask option then it is a different issue as you already replied...

  • Hi @kashif1:

    1Password Teams has the ability to disable the "reveal" permission for users in vaults you specify.

    However, again, please keep in mind that this only protects against casual or accidental password viewing or copying. Someone who is even slightly determined can simply edit the source on a page (or use a bookmarklet or extension to do it automatically). You can see a bunch of extensions that do this with a simple Google search.

    https://www.google.com/search?q=reveal+password+extension

    This is true for any password manager -- not just 1Password. If someone has the ability to use a password somewhere, they can view that password.

    As an example from our 1Password Security Design white paper (page 36):

    The administrators have come to be wary of how the dog Patty (see Story 6 for background) treats data. They want Patty to have access to the password for the dog door (they want her to be able to leave and enter as she pleases), but they do not want Patty to give that password to any of her friends should her paws accidentally press the ”reveal” button.

    And so, the administrators limit Patty’s ability to reveal the password. She can fill it into the website that controls the dog door (she lives in a somewhat unusual household), but she cannot accidentally press 1Password’s “reveal” button while her friends are watching. This is protected by client policy.

    But Patty is a clever dog. When she uses 1Password to fill in the website, she then uses her browser’s debugging tools to inspect what 1Password has inserted. She gets the password, and she tells it to all of her friends so they may come and visit.

    The house is overrun with Patty’s friends running wild, and the administrators have learned an important lesson that client policy controls are easily evaded.

    If someone once had access to a password, you must change it after they leave if you don't want them to have access to it. To assume they never revealed the password after it was filled (where it can no longer be controlled by 1Password or any other password manager) is not a safe assumption.

    I hope that clarifies your concerns.

    Cheers!

  • kashif1
    kashif1
    Community Member

    This is protected by client policy <-- Can you please share some documentation that covers this settings in detail?
    Thanks for your replies.

  • ag_ana
    ag_ana
    1Password Alumni

    @kashif1:

    What information are you looking for exactly, so we can ask the team? Have you seen the section named Client-enforced policy in that document? Did that help?

  • kashif1
    kashif1
    Community Member

    I got to test it on my trial account so I am good with the viewing options.
    Last question - how can I create sub-vaults? There is no hierarchy in the folders or the vaults that can be created. This requirement is to arrange the information on the browser APP which shows a full list of items if there are many just in the LOGIN section... Is there a way to create a hierarchy or show as such in the browser (chrome) app the vaults and sub-vaults etc?

  • Hi @kashif1! My understanding is that there is no way to create sub-vaults at this time. However, that doesn't mean that items can't be organized:

    1. Vaults themselves provide a way to segment information into topics of interest ("gardening, family, work, secret spy activities, and so on"). And you can create a lot of them, if necessary!
    2. Tags provide a way to find items that have some trait in common, which can be anything you decide
    3. The search function brings up items with common names

    Does that help organize the information in a way that's helpful to you?

This discussion has been closed.