Feature Request: Fill passwords into non-browser apps without copy/paste
Currently when you want a password in something other than the browser, like the App Store app, you copy it then paste it into the password box. I like the fact that 1Password clears the copied password after an interval, but it's still a bit messy - there's still potential to slip up during that interval, and the password will still get saved into apps that integrate with the clipboard, like Alfred and Pushbullet, unless they specifically handle 1Password differently.
I noticed that you auto-submit in browsers by simulating the Enter key with an AppleScript. Can a similar approach be used here? ie, an action that simulates typing out the characters of a selected password.
Comments
-
Hi @TristanBerger,
Thanks for taking the time to write to us :+1:
The auto submit AppleScript is only available in the Mac App Store version and it will only perform an Enter key press. It happens after the actual filling occurred.
1Password needs the browser extension to be installed in browsers in order to fill.
If we were to fill in 3rd party native Mac apps, we need to have an API similar to the iOS App Extension API that 3rd party developers would use in their apps to integrate with 1Password.
Thanks for letting us know that you are interested in this feature, I will pass it along to my colleagues :smiley:
Hope that this answers you question.
Cheers!
0 -
Hi @Rad,
Thanks for the reply, but what I am imagining is a bit different. The extension API idea is certainly a strong solution, but support for it would take time, and some or many apps would never support it. I suggest that apps with no knowledge of 1Password can still be handled without the clipboard, by opening 1Password Mini, finding the account manually, and triggering an action that simulates typing that account's password, trusting that the user had focus in the correct input box beforehand.
I did a quick test and it seems plausible so far. I was able to write an AppleScript that writes a specified string, link it to a global hotkey, then press the hotkey while in a system password field (in the App Store app) and have the string written into the password box.
0 -
Hi @TristanBerger,
Thanks for getting back to us :smiley:
When 1Password mini connects to an extension in a browser, we do code signing verification by default (see Preferences > Advances > Verify browser code signature), which means that 1Password mini "knows" that it will be filling into Safari, Chrome or Firefox. Whilst with the auto type approach, 1Password will auto type in frontmost field that is focused, which may or may not even be a password field.
So the AppleScript approach may also cause filling in the "wrong" field or even the wrong app if the user is not very careful.
We need to consider all security aspects before implementing such a feature. We need to do it right: convenient and secure.
Thanks once again for letting us know that you're interested in 1Password filling into 3rd party applications. I will add your vote to the feature request in our issue tracker.
Best,
0 -
@Rad Thank you for your reply again. Your concern about security is definitely true, but it seems to me that 1Password's security is already dependent upon the user's correct use in a number of ways. For example, the clipboard is a public area (to apps on the system); once copied a password can be pasted anywhere; and the user can (inadvertently or intentionally) install apps or browser extensions that intercept passwords as they're being sent to a website, after filling. So I think the question shouldn't be whether auto-typing the password is perfectly secure (it isn't), but whether it is more secure than copying and pasting it.
As a side-note, I've imagined for a while how great it would be if we had a well-supported standard for secure communication with a password manager: it would eliminate most problems with today's password approach, such as the ease-of-use problem, people choosing insecure passwords, and exposing passwords to the broader system. I heard in an interview that 1Password has broader aspirations for personal security, so it would be very exciting to me if this were something you guys are trying to make into a reality, and something I would want to help with in any way I can :smile:
0 -
Hi @TristanBerger,
Thanks for the feedback :smiley:
The clipboard clearly has its issues, and so does auto type. For more information, I think that you should read our recent blog post about Avoiding the clipboard with 1Password and Lollipop. It's about Android, but has some interesting information nonetheless.
I do not think that auto type is the solution for integrating 1Password for Mac with 3rd party applications, especially after implementing the integration with 3rd party apps with 1Password for iOS by offering the App Extension API.
Our goal for 1Password for Mac, is to offer something very similar to the iOS App Extension API. At the moment, the Apple APIs do not enable us to use
NSExtensions, so we need to find a secure and convenient way to do it.I am really happy that you wish to help us, so I added your vote for the feature request. We don't know when this feature will be implemented, but please keep an eye out of our Mac betas. That's where it'll come first :smile:
Best,
0 -
@Rad Alright, thanks. I wasn't aware that auto-type is already implemented in 1Password for Windows. Well I hope your team can figure out a good way to implement extensions, and I'll be keeping track of updates.
0 -
Hi @TristanBerger,
Thanks so much for getting back to us :smiley:
If there's anything else I can do to help, please let me know :wink:
Cheers!
0
