My thoughts on preferred behavior...
I want to share some thoughts I had on how I would want a password manager to work in a perfect world.
Some basic conventions I think should be true:
- You should never have to enter the Password Manager app unless you want to create, read (expose actual passwords), update or delete data. It should not be necessary to run the app just to have credentials auto-filled.
- I should be able to use the browser/app of my choice and still have credentials be auto-filled.
- I should not have to change applications (copy & paste) to autofill credentials.
- If I have access to the phone (i.e. passed the lock screen) then I should have be able to use the autofill feature. The master password should only be necessary to create, read (expose actual passwords), update or delete data.
With those conventions in mind, here's how I would like it to work:
- You're browsing a page or running an app.
- A background service determines that foreground app or webpage is one credentials exist for.
- I get a notification.
- I click the notification.
- Credentials are filled in (and optionally submitted).
Or:
- You're browsing a page or running an app.
- I click a username or password field.
- A keyboard button becomes enabled if credentials exist for current app or web page.
- I click the newly-enabled button.
- Credentials are filled in (and optionally submitted).
Thoughts?
Comments
-
Thank you for sharing your view on password manager conventions. You obviously have a very clear idea of how you would like a password manager to function. As you may have guessed, we too spend a fair bit of time thinking about this , and I can say that we have similar views to yours. For example, we tend to agree that it is cumbersome to always have to enter your master password, so we provide the option of a quick unlock code and the option to enable/disable lock on exit. Both of these options can be found in Settings -> Security.
At the moment, any interaction with 1Password need to be done through the app. While this is fine from a security standpoint, it's not so ideal when it comes to convenience. We are currently examining mechanisms that will allow us to make 1Password available through browsers and more of the OS. You are in good company here, as both notifications and custom keyboards have been suggested as options for enabling this (great minds, etc.). We are also looking into methods of integrating with popular browsers.
1Password 4 beta on Android still has lots of changes in store. So feel free to keep the suggestions coming and stay tuned for new features.
0