How to disable automatic spell checking?

2»

Comments

  • ethanpooley
    ethanpooley
    Community Member

    @Dave_1P Add me to the list of folks who want to disable spellcheck. And the list of folks who don't understand what more your team needs to hear. We don't want it to get better, we want it to go away. Here is my list of things that appear frequently in my Notes fields and are almost always underlined, with examples where necessary:

    • Usernames ("examplebird")
    • Passwords
    • Recovery codes / One-time codes
    • Company-specific abbreviations ("OTP")
    • Domains ("somewhere.us-east-1.rds.amazonaws.com")
    • Filenames ("anything.txt")
    • Proper nouns (people/places) from all over the planet ("Dua Lipa")
    • Company names ("1Password")
    • Product names ("iBook")
    • Shell commands ("chmod")
    • Shell options ("--tty")
    • Custom date formats ("30Dec2024")
    • JSON/YAML property names ("firstName")
    • The acronyms "JSON" and "YAML", ironically
    • The word "subnet" and many other common tech words
    • Hex color codes ("#ffffff")

    If there are sections of long text, 1Password isn't where we composed it, so we don't need spellcheck. We likely pasted it into 1Password. This is just where we put it to store and share securely. We read it there and we copy it from there. Sometimes we refer to entries very frequently and need to locate items in the text, which is quite hard when the text is a sea of red.

    I think what we all want to know is: why can't we get a toggle? What is the opposition to allowing us to turn it off?

  • @ethanpooley

    Thank you for the very detailed list of places where spellcheck is getting in the way when you use 1Password. I've passed this along to the team and I'm sorry for the inconvenience.

    I think what we all want to know is: why can't we get a toggle? What is the opposition to allowing us to turn it off?

    I wouldn't say that there is opposition, the feature request has been filed and is currently in the team's backlog. In the meantime, adding more details on how specifically spellcheck is interfering with your workflow may help get the feature request prioritized and actioned sooner so that's why my colleagues and I have asked for those details in the past. 🙂

    -Dave

    ref: PB-42960057

  • 1pLongtimeUser
    1pLongtimeUser
    Community Member
    edited November 16

    I'm a Mac user. I have a different issue with spell check than most of the above comments, unrelated to underlines. To be honest, underlines are the least of my concerns.

    Anything I enter in 1Password is likely information I want ultimate security with. The idea that I might type very sensitive information into a note in 1Password, and that information is being handed off to a system spell checker, really freaks me out. I can't figure out why a spell checker in a password manager seemed like a good trade-off in terms of highest possible security vs. convenience.

    I also don't understand why this issue has been discussed for years now yet there's no action being taken. I really want to know my password manager is as secure as it can possibly be, misspelled words are really not something that's important in a password manager.

    All said, is it possible to give an argument why having 1password entries routed through a spell checker (in my case, I think it's the Mac system's spell checker), doesn't needlessly add a potential attack surface?

  • 1pLongtimeUser
    1pLongtimeUser
    Community Member
    edited December 6

    I was just doing a bit more research and saw there's actually a term coined, spell-jacking (or spelljacking), referring to leaking sensitive information due to spell checking being active where it shouldn't be. I feel so uneasy knowing text in my Secure Notes and non-PW fields in 1Password is shared with my OS spell checker. I really wish the focus was more on stopping every possible security leak like this over fancy new features. I see threads elsewhere on this subject that are also a couple of years old, and I don't understand why a security product doesn't take this more seriously.