1Password Login using iOS standard echo of characters as you type

AudioBear
AudioBear
Community Member
edited February 2014 in iOS

Surely I cannot be the only one who thinks echoing the password characters as you type is a bad idea.
Easy to film, record or some such, they have access to all my passwords.

I don't actually use iPassword on my ipad when out and about because of this!

Comments

  • Nik
    Nik
    1Password Alumni

    Hi, @AudioBear. As you noted, this is standard in iOS. I have not yet seen an application in which password entry is completely obscured. If you have, could you provide an example? Thanks!

  • ethansisson
    ethansisson
    Community Member

    I'll admit to getting a little paranoid about it too sometimes when I'm away from home. I just make sure to turn away from any possible cameras or shoulder surfers and tuck my phone in close to me. No biggy to me.

  • AudioBear
    AudioBear
    Community Member

    NIK: Sadly I don't have any examples, perhaps a custom entry field is not beyond the Objective C realms of such a talented team ;-)
    It seems to me a real problem, lots of time and effort getting your passwords into a secure system. Lots of your time and effort making it secure and yet just filming me using 1Password is all it takes to unlock all my secrets. Low hanging fruit indeed.

    ethansisson: It is actually quite hard to hide from cameras in some places, especially cities like Manchester UK which are reckoned to have the most street/road cameras : (
    But what about everyone who has a mobile device with camera, home security, building security...

    I think it should be fixed as a matter of urgency.

  • @AudioBear We appreciate your position and how security conscious you are. The reality is that while we could implement a password field that is completely obscured, it's important to remember that digital security is all about tradeoffs. In this case it would be a significant detriment to usability to reimplement a control that Apple has spent significant resources tuning to be the correct mix between security and usability.

    The other thing that's important to remember in this case is that even if your master password were compromised in this manner, it would not compromise access to your logins as the person would still need access to your 1Password data.

    best,
    Michael Fey
    mrrooni@agilebits.com
    AgileBits

This discussion has been closed.