Feature Request: "Paranoid Mode"

jahio
Community Member

I'd like to request a new feature that I rather snarkily refer to as "paranoid mode". (Feel free to rename it!) Here's a rough screenshot marked up to give you some idea of what I'm talking about. More description below the image:

The problem: if I accidentally get the 1Password app UI window displayed for any reason while another person is looking at my screen, be that in the office or via screen sharing, it's going to inadvertently show them a partial list of my most recently used accounts. Email addresses, names, domains, account vendors/websites, etc. It's an information disclosure vulnerability that's triggered, yes, entirely by human error, but a very easy error to make nonetheless. Even worse, this could have significant legal ramifications for the end user (not for AgileBits of course, just the person using 1P).

Imagine the following scenario:

Let's say you have to demo some software to one of several clients you currently work with. You start up Zoom (or Teams, or whatever) and share only a portion of your screen. Then somehow you alt+tab, or maybe erroneously click, the app in your launcher/dock/start menu. Upon UI load, 1Password appears to display the list of accounts associated with whatever entry you clicked last in the far-left nav bar. And that's the problem: one wrong click and boom, you've now violated multiple NDAs by disclosing your client list to a third party! Kiss your job - and for some of us, your only place to live - goodbye!

(NB: The screenshot above shows the archive, but that's only because that's the last thing I was looking at before I closed the window. When I re-opened the window - 1P remained unlocked by the way per my configuration preference because reasons - it re-displayed that same list of things. This is totally normal, sane, expected behavior, but can be a problem in certain circumstances, like what I just described. This same behavior happens no matter what you click. I've tried to get this to default to an empty list of Favorites, but when favorites is empty it just goes back to the main category of all entries anyway.)

A proposed new feature could fix this: "paranoid mode"

Add a checkbox in the settings menu for "Paranoid Mode" with a description. Leave it OFF by default (opt-in) so as not to mess with people's existing workflows.

The idea here is, when the app window gets drawn on the screen, if 1P is unlocked or would otherwise display entries for any reason, instead have it display just one big button in the center of the screen, absolutely nothing else - no entries, nothing - that says something like:

"Paranoid Mode is ON: Click and hold this button to see your 1Password items."

Then the user would have to click and hold the left mouse button for, say, 3 seconds (make this configurable, as well as an option to hold down a user-defined keyboard combination instead of the mouse if the user desires) before that big button disappears and the app works as normal. When you close the main app window/display again, the app is once again still in paranoid mode, such that when you re-open/re-display that app UI window again, you have to click and hold again too if you want to see anything.

Imagine the interface for a game on Xbox Series X or PlayStation 5 or whatever. Sometimes you have to hold down square or X or Y or something if you want to loot the foe you just vanquished. Same thing here, and an animation to match that sort of flair/style would definitely go a long way in terms of user experience, aesthetics, and clarity as to what's going on when you hold that button down.

To be clear in my intent, I'm not at all criticising 1P or AB here in the slightest - this isn't a "you're doing it wrong and I'm mad!" post, far from it! This is just a friendly feature request that I'd like to ask for, because I'm certain somebody is going to shoot themselves in the foot with this eventually if they haven't already, and knowing myself, that could very likely be me. Granted the ramifications wouldn't generally be too dire, but that's a matter of luck, not intention; this sounds like a simple and fairly easy-to-implement feature that could protect a lot of people for years to come and differentiate the product substantially in what is an increasingly crowded market.

But most importantly, I just don't need my clients knowing my username for hello kitty island adventure! (Is that even still around? Asking for a "friend"...)

Thanks for anything you can do here! Oh, and if this is already possible and I'm just Doing It Wrong(TM), please tell me so I can correct my ignorance. Thank you!



Comments

  • chris55
    Community Member

    I mean there’s a couple of ways you could achieve this already.

    One way is to just create a new vault and copy/move the items you need for your meeting into it. Then select this vault in the sidebar. Only items in that vault will display.

    Or you could create a new vault with only the specific items you would need for the meeting, then utilise 1Password 8’s collections feature where it will only display the specific vaults you select. Prior to going to a meeting / zoom call, select that collection, then there is no way to display your other items without actively selecting a new collection.

    Just a thought in case this could help you.

  • chris55
    Community Member

    Thirdly, you could use quick access where only items within your search term will appear.

  • rctneil
    Community Member

    @jahio This seems like a very nice feature. This scenario has also affected me and having this feature would have enabled me to move the window to a part of the screen that's not in view, or ask a person over my shoulder not to look at the screen, etc., before exposing any 1PW details.

    Great suggestion. Please add my +1 to it!

  • snozdop
    Community Member

    I don't know if this is technically possible, but could 1Password detect if a screen sharing app is running, and then obscure the window contents (blurred, blacked-out, whatever) until some definitive user action is taken, to avoid accidental reveals of the window contents?

  • rctneil
    Community Member

    It's not just screen sharing though. That's a big part yes, but the feature described by @jahio would also prevent someone just standing behind you watching your screen (intentionally or non-intentionally).

  • XIII
    Community Member

    Why don’t you just lock 1Password instead of flipping that proposed new switch?

  • rob
    edited March 2022

    This is an interesting idea, @jahio, thanks for the write-up. There are a couple good suggestions from others here for how to avoid mishaps with the way the app works today. I think of it kinda like desktop icons, too; it's a good idea to remove anything sensitive there before a call starts. I personally use collections a lot for this like @chris55 mentioned. Here are a couple more ideas:

    • @XIII mentioned locking 1Password. You can do that even when 1Password is in the background using a keyboard shortcut (Command-Shift-L on Mac by default but customizable in settings) or the menu bar icon. That way if you remember after the call started that you forgot to lock it you don't have to bring up the window to do so.
    • You could lower your auto-lock setting as low as 1 minute to help prevent surprises.

    I think if we were to implement a "paranoid mode", it would be based on a full lock (requiring password or biometrics) rather than holding a key combination or mouse click because we wouldn't want to confuse things by effectively having both a strong and weak way to "lock" the app. But perhaps there would be room for a feature like you described where 1Password just locks basically any time it's not being actively used. I'd be curious to hear how many others would use a feature like that.

This discussion has been closed.