Very visible issue with password manager
I'm a web developer and there is an input field on a view in my web-app. This is not a sign-in form. The input: <input type="text" class="form-control" value="" placeholder="Search for a Member">
.
When a user clicks on this input, your plugin adds this tag to the html: data-com.onepassword.iv
and proceeds to open the file explorer!
This is understandably frightening to our users.
I've looked everywhere on your site for a way to disable fields and you apparently refuse to provide one. This is very troubling since your only reason is sites will "abuse" it. How about checking if a form contains a password field, and if not, don't touch the form. Please be respectful of the software environment in which your product works and the consequences of your heavy hand.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: mac, windows
Sync Type: Not Provided
Comments
-
Unfortunately this is not a public application. If someone from 1password would like a screenshare I'd be glad to jump on a call.
0 -
@thejams Thank you for reaching out to us about this. I can certainly understand how the file explorer opening automatically can be unsettling, however, 1Password X simply does not have the ability to perform that action. Is it possible there is some event firing when focus is placed in that field or when attributes are changed? The attributes you're seeing placed in the field are to help 1Password X know where to fill. Since we don't limit filling to just sign-in forms or password fields, we need to evaluate all fields on the page.
0 -
I stripped everything from this input, no listeners or anything. This is within React.
0