Secure Input locks out TextExpander
Comments
-
Drew_AG,
I did look at the converter and it looks very straighforward. However in the meantime, I had manually entered a few sites to check out 1Password. I use the MAC and one of my favorite and most used apps is Text Expander. I have been using Lastpass for some time with no conflicts. On the last LastPass update, I continually get the infamous "Secure Input" message which locks out Text Expander. I asked LastPass and basically they said "not my problem". I had read somewhere that 1P had solved this issue and that is why I DL'ed the trial version. When trying the few sites I had entered, I immediately got the same "secure input" message. I did check the forum, but see nothing current on this issue (or I missed it). So a main motivation for using 1P has gone away. Bummer!
0 -
Hi @RannyWelton,
This issue is different than the topic of the previous discussion, so to avoid confusion, I've moved it to a new thread. I hope you don't mind!
Thanks for asking us about that, I'm sorry you're running into some trouble between 1Password, TextExpander, and the "Secure Input Enabled" message. Most of us here also use TextExpander - it's an awesome tool and I'm not sure what I would do without it! Hopefully we can help to figure out what's going on here.
Can you please elaborate on when the problem happens? In other words, what exactly are you doing with 1Password when you see the "Secure Input" message and TextExpander becomes disabled? If 1Password is enabling secure input when it shouldn't be, or if it isn't disabling secure input when it should be, that's certainly something we would want to fix. I'm not sure if you have a specific set of steps you can give us, but the more you can tell us about when this happens, the better.
Now, the fact that TextExpander becomes disabled when Secure Input is enabled is correct behavior, because the point of Secure Input is to prevent other apps from seeing what you type. For example, when you unlock 1Password by entering your master password, you're typing it in a secure input field (you wouldn't want malicious apps or keyloggers to know your master password). The problem that can happen is that sometimes, apps don't correctly disable secure input when they should, and therefore TextExpander can't re-enable itself. The TextExpander site has more information about this here: https://smilesoftware.com/textexpander/secureinput (That page mentions a problem in an older version of 1Password which has since been fixed.)
Once we know more about when secure input is being enabled for you, we'll have a much better idea of what's going on and whether it's expected behavior or not. Thanks in advance! :)
0 -
Drew_AG,
Thanks for setting up new thread - was not sure how to do so and keep everything intact.
I do not know what process I went through to get the Secure Input message. I had just started using 1P when it happened, so, candidly, I just moved back to LastPass rather than learn the 1P process.
I do like what I see so far, so I will take another look at using 1P and take good notes as to the sequence of events and repost.
Thanks,
Ranny0 -
Hi @RannyWelton,
Currently we enable a setting that blocks anything listening to the keyboard whenever you are either entering your Master Password or editing an item from inside 1Password. There is definitely a delay but leaving item edit mode does re-enable TextExpander for me.
What I do notice is if you leave 1Password in edit mode and switch to another application (so it isn't in the foreground) it does maintain the Secure Input state which effectively disables TextExpander. It's a tough call to make and I'm not saying we've perfected it yet but we do want to ensure our user's vaults are safe. Are we worried specifically about TextExpander? not in the slightest - we love TextExpander here. As an aside, after I was introduced to it on the Mac I went straight out and purchased it for iOS as I love it. What we're worried about is that less honest services can also make use of the same functionality as TextExpander to listen to what the user is typing, that's why OS X has this Secure Input state that can be activated to stop this. I'll leave it to the security experts to decide what can be relaxed whilst still ensuring user's vaults are safe. As long as 1Password isn't asking for your Master Password or you're currently editing an item it shouldn't lock TextExpander. If it did all of us here that help users would be pounding on the developers doors as they're slowing us down :tongue:
0 -
Update - I used the suggested process and imported everything from LastPass with no issues. I have been trying many different things to replicate the Secure Input state using 1Password and have been unable to get it to trigger. I have no clue what I did to trigger when I set it up, but may have done what was stated above - left when in edit mode. 1Password works great and have been using TextExpander for most everything as I normally do. Thanks for everyone's help and suggestions. If I run across any issues, I will bring up again. You guys have been great. Thanks! Ranny
0 -
You're quite welcome, @RannyWelton! I'm glad littlebobbytables was able to help explain a bit more about how that all works. If you do happen to find a problem with 1Password and Secure Input, or of course if you have any other questions related to 1Password, please let us know. We're always happy to help. I hope you enjoy 1Password! :)
0 -
I have the exact same problem for months now. TextExpander is no longer working and it tells me that "Secure input enabled by 1Password 6". It starts the minute I put an insertion point in any 1Password field and try to enter the shortcut for my email address, which I have to type manually now.
0 -
That's correct, @ubercool.
TextExpander works by listening to your keystrokes and making substitutions for you. That's really handy, but it's not the only class of apps that listen to keystrokes. Keyloggers also do. Keyloggers are malware that listen to your keystrokes waiting to capture some sensitive information. We enabled Secure Input everywhere in our app to stop keyloggers from seeing anything you're typing into 1Password. The upside here is better security. The downside is that it breaks workflows that rely on TextExpander and apps like it. We love TextExpander, and we use it ourselves. Unfortunately there's no way for us to selectively decide which of those apps can see the keystrokes. We're still considering allowing a way for some type of customization of this feature that may allow some of the TextExpander functionality to return. At the end of the day it boils down to a Security vs Convenience thing. Not everyone is looking for the same level of security.
I hope this helps explain things.
Rick
0 -
This is the issue I am researching. I think I understand better now. A common use case is that 1P automatically saves a password for a new site login that I create but it often fails to include my email address as the id for the login. I would love to be able to use my TextExpander shortcut to insert my email address to 1P for that login but I am not able. I guess that is because TextExpander has been disabled in 1P. Correct? Count me as a +1 to find some solution to this problem.
0 -
I've had to resort to copy/paste for regular Textexpander snippets I use in 1Password (full name, email address, etc). It is significantly more cumbersome than before. Is there something out there that will take a snippet and expand it into the clipboard automatically?
0 -
@madaroda not that I know of :(
One option could be to use a clipboard manager that allows you to search for things you've copied in the past. It still wouldn't be as convenient as using a text expansion tool, but it's definitely easier than having to copy and paste the item every time you want to use it. And 1Password automatically deletes passwords from your clipboard so you don't have to worry about your passwords being saved :) I'm fond of Alfred and LaunchBar myself.
0 -
I forgot about Alfred. I have it and looked into it. Its clipboard functionality includes its own snippets that, when invoked, copy the expanded text into the clipboard. No search required. There are good instructions at https://www.alfredapp.com/help/features/clipboard/, halfway down the page.
0 -
I am using both, Textexpander and 1password for some years. These apps belong to the best and most used tools on my apple devices.
This issue with the Secure input is caused by some changes in 1password's software - I was told yesterday by smileonmymac - will be solide soon?
Even now - 20.05.2016, 5:14 - it happens irregularly that the expansion of Textexpander snippets stop, when I am editing inside 1password and not when I am putting in the master password as it happened in earlier versions of the apps.
The fixes you proposed in this discussion do not solve the problem, they are simply said, the contrary of time saving.
My question to the agilebits crew and esp. to the CEO: will there be a real solution, not just some workout or trick with 1password and this very annoying and tiresome snippet blocking.
Remark: repeatedly explaining the deeper sense of safety problems does not help.
I' d appreciate very much if I could keep working with 1password for many more years to come, but only when this problem will be solved soon.
0 -
Hi @Sunnyc,
I think that Rick’s reply above says it best:
Unfortunately there's no way for us to selectively decide which of those apps can see the keystrokes. We're still considering allowing a way for some type of customization of this feature that may allow some of the TextExpander functionality to return.
At this time, when 1Password is in edit mode, Text Expander will be disabled. I won’t reiterate the reasons for this, but I do apologize for the frustration. Many of us here rely on Text Expander to do our jobs, we know how valuable it is.
I will let our development team know that you are interested in seeing an alternative solution, if one is available.
0 -
Software Licenses Section
-- Entering info about software licenses and related notes is problematic without being able to use TextExpander, for me.
-- Can TextExpander be enabled for the Software Licenses Section of 1P?0 -
@tomwickland I'm sorry to hear that Secure Input causes a bit of an inconvenience while you're entering software licenses. Like some of my colleagues explained above, we're interested in finding ways to enable tools like TextExpander in some parts of 1Password, but right now we've chosen to be cautious so we can ensure that information added to 1Password is as safe as can be :)
0 -
Is there a solution for 1password and text expander to work at the same time? I just started using 1password and that is the most annoying thing right now.
0 -
Hi @sallycng,
Thanks for writing in to ask! I'm sorry this has been so annoying for you.
I'm afraid there's no "solution" for that, because it's intended behavior: 1Password enables secure text input when you edit items. It is a security feature to keep your 1Password data safe from keyloggers. As Rick explained earlier in this discussion:
We enabled Secure Input everywhere in our app to stop keyloggers from seeing anything you're typing into 1Password. The upside here is better security. The downside is that it breaks workflows that rely on TextExpander and apps like it. We love TextExpander, and we use it ourselves. Unfortunately there's no way for us to selectively decide which of those apps can see the keystrokes.
Sorry, I know that's probably not the answer you were hoping to hear! But if you have more questions about that, please don't hesitate to let us know. Have a great weekend! :)
0
