Android beta exposes TOTP secrets when editing logins that have them
When editing a login with a TOTP field, the value in that field is exposed. Contrast this with the password field which you have to tap on before it is revealed.
On the Mac app (7.0.BETA-9), this field is protected until selected, like the password field.
1Password Version: 7.0.BETA-5
Extension Version: Not Provided
OS Version: Android 8.1
Sync Type: Not Provided
Comments
-
@dcormier Thanks for pointing this out. I think it makes sense to have the TOTP field obfuscated in edit mode until you move the focus to that text field. It's also better to handle things consistently between the clients apps. With that in mind, I'll have my team look into fixing this.
ref: OPA-1539
0 -
I think it makes sense to have the TOTP field obfuscated in edit mode until you move the focus to that text field. It's also better to handle things consistently between the clients apps.
That was my thinking, too.
With that in mind, I'll have my team look into fixing this.
Thanks! That's what I was hoping for.
0 -
:) :+1:
0 -
@dcormier I'm happy to say that we addressed this issue when we completed the redesign of the item detail screen. That was a little while ago, but I came across this thread today and wanted to be sure to update you. If you're on the latest beta, you should see the TOTP secret concealed in edit mode, unless the focus is on that particular field. Thanks for reporting the issue!
0 -
:)
0
