Password appearing as plain text in Tooltip text
Hi,
Just installed 1Password 4.1.0.BETA-533 for Windows 7 (64-bit) on a new machine and I'm having an issue where my password is appearing openly in a tool-tip text label in Chrome having logged into my bank account (Lloyds bank UK). In fact, on attempting to replicate this issue just now, I'm leaning towards suspecting that Chrome is responsible for this, not 1Password itself. However, should chrome be able to pick up/harvest passwords which have been passed by 1P to the password field in a webpage?
Thanks,
E
Comments
-
I believe the only tool tip being displayed by the 1Password for Windows extension is the content of a Login item's Notes field (if there is any) when you let the pointer rest over a Login item in the extension menu. (An upcoming build will include an option to disable that feature.)
Any other tool tip you're seeing must be from Chrome, but may have have more to do with the web site than with Chrome itself.
Can you tell us the specific URL, so we can check it out? If we'd need an actual account, perhaps you could post a screen shot showing the tool tip (with your credentials obscured, of course).
Thanks!
0 -
I've realised the following:
1) It's not just Lloyds login, happens on all logins with notes
2) It's not really a tooltip (just looks like one, see image) which persists in place below where the 1P modal (?) dialog pops up when I request a login. It will disappear when the 1P extension button is clicked (or keyboard shortcut invoked) but without doing this it will persist even when 1P is closed and sometimes remains in the background behind a window where I might not see it until a later point; and
3) What appears in the "tooltip" is the content of the notes appended to a given log in, not the log in details. I have been able to replicate it on icloud and other websites.
To answer the question as to why I would put sensitive information in a note, there are two primary cases:
- Most obviously and through no fault to the designers, 1P does not always allow auto-fill with the quirky multi-step security protocols in place for bank logins (or at least I've not figured out how to set this up) and it is often convenient to have this information easily viewable for manual transcription without having to "reveal" it in the app, just need the app unlocked.
- More irritatingly, I can't add sections to a new login in the iOS version so extra information (additonal passwords, etc.) tends to be dropped in a note for later addition in windows or mac. This is how the iCloud security info ended up in a note, hadn't got round to sorting it.
So essentially a usability irritation/limitation make this fairly innocuous bug/feature a problem for me. I will make sure to turn off tooltip notes when this is possible.
0 -
- Yes, that's the point I was trying to make:
I believe the only tool tip being displayed by the 1Password for Windows extension is the content of a Login item's Notes field (if there is any) when you let the pointer rest over a Login item in the extension menu. (An upcoming build will include an option to disable that feature.)
I believe it actually is created using standard Windows tool-tip technology.
See 1, above.
Multiple-page bank logins: Please see the Creating a multiple-page Login article in the 1Password 4 for Windows user's guide.
0 -
Dave,
Thanks for responding so quickly. What I mean that I don't think it's really a tool tip in that the note remains in-situ at the location where the login is selected from popup dialog. Either way, this should be resolved with the tooltip option you've mentioned, look forward to that.
With respect to multi-page logins, not sure if this a Europe specific issue but banks generally get you to save a long memorable word or phrase (over 10 characters sometimes) and request that a specific character be inputted to an unlabelled field. Hence the standard multipage approach won't work I think.
While this is diverging from the original topic, I would love if the functionality and information displayed in each platform variant of 1Password was more consistent. Aside from the inability to add sections in iOS, inconsistency in how items are categorised (routers are accounts in windows!), how and where tags appear (nowhere generally!) between the various flavours of 1P that I use can be frustrating. I hope the experience becomes more consistent in the future.
I do love the app and use it more than almost any other piece of software.
Thanks,
E
0 -
routers are accounts in windows
Routers are routers, but they are grouped (with email and database and server items) under Accounts.
0 -
With respect to multi-page logins, not sure if this a Europe specific issue but banks generally get you to save a long memorable word or phrase (over 10 characters sometimes) and request that a specific character be inputted to an unlabelled field. Hence the standard multipage approach won't work I think.
Yes, and I replied to an example of such a page in another thread, just minutes ago. It's very frustrating, and I don't believe it makes your data any safer than a strong, unguessable, unique password. (That particular case was even worse, though, limiting the customer to a seven-character password!)
Thank you for your support of 1Password, @eoghan.hayes!
0 -
@svondutch I don't really mind how things are categorised or organised once it is consistent. Routers have their own category under iOS and I think Mac. I just wish that each flavour of 1P presented the same set of data in the same way, it can be confusing at times as it is.
0 -
Windows has the exact same item types as Mac and iOS, but some of them are grouped under Wallet and Accounts. That is all.
0 -
Windows has the exact same item types as Mac and iOS, but some of them are grouped under Wallet and Accounts. That is all.
You keep saying that but can you clarify? Is it the same item types that Mac and iOS have now, on v4 and v5, or is Windows v4 the same as Mac v3 was?
I thought that the Apple software used the categories from the newer opvault format and just translates them to agilekeychain for sync purposes.0 -
You can see the list of supported categories for Mac 4 and 5, and Windows 4 here:
https://github.com/AgileBits/onepassword-utilities/blob/master/convert_to_1p4/Utils/PIF.pm
Look at the table named %pif_table. This enumerates the stock categories and their stock fields.
0 -
You keep saying that but can you clarify? Is it the same item types that Mac and iOS have now, on v4 and v5, or is Windows v4 the same as Mac v3 was?
@RichardPayne The same that Mac and iOS have now, plus a few extra ones if you're running agilekeychain.
0 -
@svondutch FIne. But if it's a standalone category on mac and iOS (as it should be, a router isn't an account), then why organise differently on windows? In fact this applies to all organisation, why isn't it the same across platforms?
As an aside, every time I post a suggestion or a query, getting the "you're holding it wrong" response is generally not particularly helpful. If I'm not clear on or don't understand a feature, while I'm not genius (or maybe precisely becuase I'm not), it's usually because the feature isn't clear or understandable.
0 -
@"eoghan.hayes" Starting with version 4.1.0.BETA-539 you can turn OFF the Wallet and Accounts groups. The 1Password for Windows sidebar will then display every item type individually (in other words: not group them in Wallet or Accounts).
0 -
@svondutch Thanks
0 -
On behalf of Stefan, you're welcome!
0