AutoFill and the Safari Extension

This discussion was created from comments split from: Native Password AutoFill Extension macOS.

Comments

  • TooSlimSam
    TooSlimSam
    Community Member

    Here's one more user asking (please!) for native autofill on the Mac. I like 1Password, and our whole family has found it to be invaluable. But the Safari extension is by far the worst part of the experience. Apple has thoughtfully provided a far better autofill mechanism. It works fine in 1Password for iOS! I'm baffled why the developers have chosen to ignore native autofill on the Mac. And this isn't just a UX issue -- both the Safari extension and the "Universal Autofill" solution gratuitously violate the principle of least privilege. Fixing this deserves to get a higher priority.

  • Hello @TooSlimSam! 👋

    Thank you for the feedback and the request, I've passed it along to the team.

    But the Safari extension is by far the worst part of the experience.

    Can you tell me a little more about this? Are you and your family running into issues with either the browser extension for Safari or Universal Autofill? The team would love to investigate these issues further so that we can improve the experience.

    -Dave

    ref: PB-38145918

  • TooSlimSam
    TooSlimSam
    Community Member

    Dave, thanks for your response, and my apologies for being so slow to get back to this. Here are some of the issues I have with the browser extension:

    1) The 1Password extension will get in the way in fields where it's not needed.
    2) The 1Password extension can be unresponsive in fields where it is needed.
    3) The 1Password extension makes it harder to use "Hide My Email", which would ideally be provided by Safari native autofill.
    4) An extension that injects Javascript into every web page I visit violates the principle of least privilege, and for no good reason that I can see. This is puzzling, coming from a company that's focused on security.

    I haven't tried Universal Autofill and am reluctant to do so, primarily because it takes #4 to another level.

  • @TooSlimSam

    Thanks for the reply. I'll respond below:

    The 1Password extension will get in the way in fields where it's not needed.

    Are you able to provide examples of this? 1Password in the browser uses our own filling brain which we have the ability to update and improve. I would be happy to file reports to have this get fixed on any websites where you're seeing the issue.

    The 1Password extension can be unresponsive in fields where it is needed.

    Do you mean that you see the 1Password icon in a username or password field but that nothing happens when you click on it? Does the issue resolve if you close and then reopen Safari? Does this also occur on specific webpages or randomly?

    The 1Password extension makes it harder to use "Hide My Email", which would ideally be provided by Safari native autofill.

    Thank you for the feedback. We do have an integration with Fastmail's masked email alias feature but, last I checked, there wasn't a way to integrate with Apple's Hide My Email in the same way. I've passed this along to the team to look into further.

    An extension that injects Javascript into every web page I visit violates the principle of least privilege, and for no good reason that I can see. This is puzzling, coming from a company that's focused on security.

    Security and privacy are top priorities and the extension is carefully designed and coded to be secure. 1Password will never fill a login into a webpage unless certain conditions are met:

    1. The website matches the URL that you have saved for that login in 1Password.
    2. You perform an action to consent that the login is filled, such as clicking on the login suggestion or pressing Command-Backslash.

    We also undertake multiple independent security audits of our apps and extensions, which you can read about here: https://support.1password.com/security-assessments/

    Our browser extension allows us to provide a consistent 1Password experience across all browsers and platforms. 1Password in the browser also allows for the support of features that wouldn't otherwise be possible such as masked email aliases, filling of identity and credit card items, advanced filling capabilities using our own filling brain, and more.

    -Dave

    ref: PB-38473321

This discussion has been closed.