Feature request (or bug?): Focus not taken by app when tabbing
Hello,
When tabbing to the 1Password6 to paste the Master Password for login (which I store in an offline password manager), the text box never has focus, even when the text entry line is flashing. As a result, when I hit 'paste', my password starts getting pasted into whatever is actually in focus (a window behind 1Password6).
Please fix it? :)
Thanks
1Password Version: 6.8.492
Extension Version: Not Provided
OS Version: Windows 10 Professional
Sync Type: Not Provided
Comments
-
Hi @DariusR,
Thanks for writing in.
First, I strongly discourage using the copy/paste method for the master password; copying/pasting means your master password is exposed to all apps. When you type into a password field, Windows does try to isolate it as much as possible, but Windows cannot protect your clipboard at all; it is exposed to all processes. Make sure the other password manager clears your clipboard on a timer too.
We can't fix it because we can't reproduce it. We've heard intermittent reports of this over the year, but no one has found consistent steps to reproduce it. Focusing is a constant issue on Windows, and each time we try to change it, it regresses for others while improving for some.
Can you easily reproduce it? If yes, please give us the step-by-step; no detail is too small.
-
Hi @MikeT
Thanks for those notes. I had made a false assumption that copy/paste from KeePass had a similar level of security as auto-type (which uses TCATO). I have the auto clipboard clearing in KeePass set to 5 seconds but have stopped using copy/paste for the master password based on your feedback.
I've reset my password and instead use the auto-type feature built into KeePass.
When auto-typing the password only, this appears to be working as one would expect it to. The window and password entry field receive focus and the password is entered. Auto-type in KeePass is using Two-Channel Auto-Type Obfuscation (TCATO), which, although not perfect, is theoretically not any less secure than typing the password out manually. The risk of human error (auto-typing to the wrong window) still remains, of course.
-
@DariusR I just wanted to highlight that if there is a keylogger installed, it's game over for security. In a way, obfuscation works for the bad guys: it makes good people believe they are secure when they are not.