Feature request: Hiding passwords after app switching [Under consideration]
On the iPhone version of 1Password I found that there are times when the last seen 1Password screen will appear before the lock screen when using iOS app switching. If the password on the screen was visible before switching away from 1Password then it will be visible for a brief moment when switching back. An attacker can take a screen image of the page or plug the iPhone into a computer and capture the screen.
This is a common issue when using app switching on iDevices. Since I am not an iOS programmer (very long time Unix/Linux programmer) I cannot recommend how to deal with the problem in code. However, I can recommend that when the app loses focus that the password be hidden.
I was not comfortable that the app would continue to make the password visible even if I was asked for my password or Touch ID. Shoulder surfing is still a problem and I would rather have the password hidden and take an extra tap to reveal it than run the risk of exposure.
If you are worried about changing this behavior because users may rely on it, why not make it an option? That way, those of us who will ask for the password to be obfuscated on app switching can get what they want and those that like the status quo can get what they want. This way, you can tout your stronger commitment to user security and privacy!
1Password Version: 5.5
Extension Version: Not Provided
OS Version: iOS 8.4.1
Sync Type: Dropbox
Referrer: forum-search:hiding passwords
Comments
-
Hi @DCDawg,
Thanks for taking the time to write in to explain this situation to us.
Could you not simply tap on the password and select "conceal" before switching away?
Beyond that I'm not sure what the technical implications are here, as far as what we may or may not be able to do, but I'll certainly pass the suggestion along to our development team.
Thanks!
Ben
0 -
It's not a matter of tapping the screen to hide the password. What if you forget? What if you are distracted? I am one of those people with a short idle time on my iPhone (I am not a trusting person).
There are not "technical" implications but there are privacy implications. With the possibility of the password being revealed by someone else who may have my iPhone, they can see whatever password is on the screen. Screen capture programs can trap the image. If someone other than me can see the password, then the security of that password (already a weak link in the security infrastructure) is diminished. (I currently do this security stuff for a living)
I don't understand why there is a problem with this. 1P is a security-related program and I am pointing out a security and privacy-related issue. Also, according to someone I know who does iOS programming, apps can receive events when they (basically) lose focus. Events are generated if the screen goes off because the button is pressed, idle timeout, app switching, and even for ending an app by swiping up from app switching. Why can't someone just look for those various events and hide the password? How difficult can this be? (asks this former X Windows programmer)
0
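The approach raised in the last comment (re-conceal the password whenever the app loses focus), sketched as an added example that is not part of the thread and is not 1Password's code. The class `ItemDetailViewController` and its members are hypothetical names, and the notification names are those of current UIKit rather than the iOS 8 SDK.

```swift
import UIKit

// Hypothetical item-detail screen; all names here are illustrative assumptions.
final class ItemDetailViewController: UIViewController {
    private let secret: String                  // password shown on this screen
    private let passwordLabel = UILabel()
    private let privacyCover = UIView()         // opaque view shown while inactive
    private var isRevealed = false
    private var observers: [NSObjectProtocol] = []

    init(secret: String) {
        self.secret = secret
        super.init(nibName: nil, bundle: nil)
    }
    required init?(coder: NSCoder) { fatalError("init(coder:) is not used in this example") }

    override func viewDidLoad() {
        super.viewDidLoad()
        view.backgroundColor = .white
        passwordLabel.frame = CGRect(x: 20, y: 100, width: 280, height: 44)
        passwordLabel.isUserInteractionEnabled = true
        passwordLabel.addGestureRecognizer(
            UITapGestureRecognizer(target: self, action: #selector(toggleReveal)))
        view.addSubview(passwordLabel)

        privacyCover.frame = view.bounds
        privacyCover.autoresizingMask = [.flexibleWidth, .flexibleHeight]
        privacyCover.backgroundColor = .white
        privacyCover.isHidden = true
        view.addSubview(privacyCover)           // added last so it sits on top
        render()

        let center = NotificationCenter.default
        // Sent on app switching, screen lock, idle timeout and incoming interruptions.
        observers.append(center.addObserver(
            forName: UIApplication.willResignActiveNotification, object: nil, queue: .main
        ) { [weak self] _ in
            self?.isRevealed = false            // revealing again takes an explicit tap
            self?.render()
            self?.privacyCover.isHidden = false // hides the screen in the app-switcher snapshot
        })
        observers.append(center.addObserver(
            forName: UIApplication.didBecomeActiveNotification, object: nil, queue: .main
        ) { [weak self] _ in self?.privacyCover.isHidden = true })
    }

    deinit { observers.forEach { NotificationCenter.default.removeObserver($0) } }

    @objc private func toggleReveal() { isRevealed.toggle(); render() }

    // Fixed-width mask so the concealed form does not show the password length.
    private func render() { passwordLabel.text = isRevealed ? secret : String(repeating: "•", count: 10) }
}
```

Because the concealed state is restored on resign rather than on return, the password stays hidden after the lock screen is dismissed until the user taps to reveal it.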