type in a password manually but have it masked
so in almost every website when you type in the password it is masked. sometimes, i must manualy type the password into 1password, but i dont see how to keep it masked while i am typing it in.
any help
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
Comments
-
Hi (again) @pathfinder76
You're right that 1Password doesn't obscure anything when you're editing it, only when you view it afterwards.
This is mostly for accuracy purposes so that you can see what you're doing, but also to prevent a false sense of security. For example, if someone was watching over your shoulder, they would still see the character you're entering (because the last character is briefly shown before being obscured) or by seeing what key you tapped on the keyboard. Obscuring inputs might make people think that shoulder-surfing is impossible in that situation and it really isn't. Even when the input isn't shown briefly before being obscured (like entering your iPhone's passcode), it's still understood that if someone can see the keys you tap, the result is the same. Having everything shown in plaintext (while editing) reminds the user to take care about their current surroundings, which is of a greater benefit overall, just like if you were entering your PIN into a credit card terminal or ATM.
Relatedly, we'd recommend generating passwords wherever possible. The password generator's recipe can be changed to accommodate a wide variety of situations. This helps minimise the number of times you might need to manually enter a password into 1Password, and drastically reduces the amount of time that it's shown in plaintext – it's very unlikely anyone shoulder-surfing is going to memorise a password like
U!o*X7w8EAoWQC2uin the time between it being generated and you tapping Save.I hope that goes some way to explaining why 1Password works the way it does, but let me know if you have any questions. :)
— Grey
0 -
i understand what you are saying.
why does 1password obscure password for other situations?
0 -
When you're not actively editing an item, it makes sense to obscure the password field, since you can still Copy it to the clipboard without having to reveal it first. It's only when you're editing an item or have tapped Reveal on a password field that you'll see the password in plaintext.
In web browsers, password fields are designed to be obscured by the web developer, and 1Password can autofill into those anyway, so there wouldn't be any real need to show it in plaintext there.
0 -
maybe consider that as an option to offer to enter as plain text, or enter twice obscured.
0 -
If the password was masked in edit mode then how would you know that you typed the password into 1Password correctly? I foresee that an option to mask the password would create a situation where users would type in a password while masked and not know that they made a typo until they tried to use that password days or months later only to find out that it hadn't been accurately entered into 1Password.
Can you clarify a little further about what kind of threat you're trying to protect against? If you're concerned that you're in an area where someone might peek at your screen while editing a password then I would suggest that you wait to edit that password until you've moved to a safe area.
-Dave
0 -
Type it in twice
0 -
I’m not a security expert, but I do think it’s safe when most websites mask my password. I guess I’m extending it to this.
1 -
Thank you for the suggestion, I've passed it along to the team.
-Dave
ref: PB-33065374
0 -
use case. i understand that 1password can be used in an office enviroment. if i am getting remote help on my computer, and i need to change the password to an account i am getting help with, i could never change the password to something the tech person could not see.
1 -
Thanks @pathfinder76
I've updated your suggestion with your use case.
0
