1PW7 Request for handling of Web Site Secret Question Answers

pbGuy
pbGuy
Community Member
edited August 2018 in Lounge

I use Quick Fill ( Cmd+/ ) a lot.

And unless I'm not creating more effective setups for insertion of login answers to secret questions, I currently have these answers setup separately (within 1PW) similarly as a login username. ...I've tried setting up answers as passwords, but upon selecting the answer (from 1PW Mini pop-up selection when it's setup as a password), nothing gets filled into the site's answer-space (at its URL). Setting up answers as a login username, since such is text, is the only way, I've found, web sites will accept insertion of the answer.

Given I have multiple, 1PW logins (for myself and an elderly parent) at particular financial institutions and when 1PW Mini is invoked (offering selection from the multiple, user login details), the 1PW Mini window (while visible) clearly shows the text answer(s) to login question(s).

While I realize web sites do not treat answers as passwords (but, as clear text), I would like 1PW Mini to hide answers so they are not visible in the 1PW Mini window's pop. ...Seeing the Secret Question, or how it's been setup in 1PW, is Ok. It's simply the answer I'd like hidden within 1PW Mini (even though when the answer is inserted, it will momentarily be viewable, since it's text, at the URL.)

I use my MacBook Pro mostly in my home office and in a controlled environment, but every time I see the secret question answers in the clear, while 1PW Mini is viewable, I'm reminded this would be a momentarily, vulnerable occurrence if I were in a public situation. So if there's a way to hide these answers within 1PW Mini, I think it add to security robustness.

Thanks.


1Password Version: 7.0.7 Membership
Extension Version: 4.7.2
OS Version: 10.13.6
Sync Type: iCloud

Comments

  • prime
    prime
    Community Member
    edited August 2018

    You can do this already (hide the answers). Under login for that site, just scroll down until you see “add new section”. Under the “section name” put in the question, then “add new field” select password, so this will conceal the answer.

  • pbGuy
    pbGuy
    Community Member
    edited August 2018

    Your suggestion does hide the answer, but invoking fill (even with it being set to Always), using Cmd / {to invoke 1PW Mini} -> select -> clicking Return (all simply using the keyboard), doesn't insert the answer into the insertion space. ...It stays blank.

    A manual copy-paste (requiring select + 2 manual-steps of copy & pasting in lieu of simply clicking Return) seems the only way to complete insertion of the answer. ...And, this defeats the easier select (using up / down arrow keys) and then, fill (by clicking Return) when the answer is setup in the upper, username section.

    Is there's something I'm missing?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @pbGuy: If by "doesn't insert the answer into the insertion space" you mean that 1Password doesn't fill these custom fields into web pages, that's correct; it has no way of knowing what to do with them. But if you're suggesting that the text you enter into these fields should be hidden while you're entering it, that's not something we have plans for. That would make it difficult for people to see what they're entering in the first place without offering much security benefit. Prime's suggestion will obscured these fields when you're viewing those items in 1Password mini though, which is the thing you said you were trying to do in the first place. If there's something specific you're trying to accomplish please clarify.

  • pbGuy
    pbGuy
    Community Member
    edited August 2018

    @brenty... To clarify, I'm not suggesting / requesting the Custom Question's text Answer be hidden upon insertion (like a password) into the web page's Custom Field.

    [However, these Custom Fields should be treated, by the web site, just like passwords. (Oddly enough PINs are treated like passwords.) Answers are proprietary and shouldn't be made insecure by the text being viewable when inserted regardless how it occurs - typing or 1PW fill. ...The ultimate resolution is getting rid of these Custom Questions in favor of 2FA; but many sites retain the insecure process of Custom Questions.]

    I am requesting when 1PW Mini is invoked ( by... Cmd / ) and pops-up (1PW Mini now being plainly viewable onscreen) that Answers to Custom Questions be hidden within 1PW Mini (in other words, only the Question is viewable).

    [Prime's suggestion places the Answer (to Custom Questions) in a Section below the username / password Primary Section. When the Answer is in a lower, Section (from the Primary Section), the fill doesn't work since only the Primary Section details (for username & password) react to the URL for fill.]

    Currently, a Custom Question's Answer must be setup, within 1PW, as a "username" (in a separate, web site login element for the specific, custom question's URL) for 1PM Mini to be able to fill the Answer into the web page's Custom Field. But as a username is viewable text, I would like 1PW Mini have the ability to hide this Answer text within 1PW Mini. ...I hope this clarifies.

    On the face of it, it seems this request could be partially fulfilled by enabling the Primary Section (currently, only for username & password) be capable of setting up additional entries.
    Since additional URLs can be set-up for the Primary Section, these additional entries (Question -> Answer) could then react to the custom field's URL.
    Then additionally, 1PW could have some coding magic applied within 1PW, whereby the Answer is bulleted (like a password) within 1PW & 1PW Mini, even though when inserted into the web page's custom field, the Answer is inserted as viewable text.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @pbGuy: Thanks for clarifying, but 1Password does not have "security answers" fields at all. If you have those, it's only because you added them yourself. And when you do so, you are free to set their type as "password" as suggested above to conceal their contents if you wish. Also, 1Password cannot fill "security answers" since these are not standard web form fields; it simply has no idea what to do with them, especially if they're in a custom field you created yourself, as they have no identifying designation on the web page that they can be matched to. Making it possible to add custom fields to the primary template would not change this, but perhaps someday in the future it will be possible for us to get 1Password to fill in situations like these. I do hope that this practice goes away long before then though. I'm sorry for the confusion surrounding this.

  • pbGuy
    pbGuy
    Community Member
    edited August 2018

    @brenty: If an Answer is set-up as a password (created in Section below the Primary Section, or in the Primary Section), 1PW Mini can not fill (even when the set-up includes the correct, web page's Question URL). One must do a manual & sequential, copy & paste in order to get the Answer filled into the web page, custom field. ...This requires 4 steps (select Answer from 1PW Mini Suggestions, copy, click into web page custom field to insert, & paste).

    Whereas when the Answer is set-up as a login username (albeit, this reveals the Answer in 1PW Mini) with the Question URL, one can then invoke ( Cmd / ) 1PW Mini, use the keyboard arrow keys to select, & simply, click Return to have the Answer filled (w/o additional keyboard action) into the custom field. ...This is only 2 steps (select Select Answer, click Return key).

    I understand 1PW doesn't have "Security Answers" fields. But since they are seemingly like PINs, which can be set-up as passwords (& 1PW Mini can submit to the custom, PIN field), it seems Security Answer fields in 1PW, should work in the same way. Although PINs are numbers and Answers are text, both are related to custom fields at specific, web site URLs, just as is done for username and password. ...Based upon your prior post, it seems you're saying the web page coding, for Security Answers, is different; thus, defeating Answers being submitted like PINs. :p

    Anyway, I was hoping AgileBits might find some magic coding mechanism whereby the Answer (or, even a username, for that matter) could be hidden from simply being viewable when 1PM Mini has been invoked. ...I guess not; but that's Ok.

    Thanks for the patient discussion. Cheers.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @pbGuy: Haha me too! Thanks for getting back to me. For now, 1Password's filling logic depends entirely on us programming mechanisms for specific use cases, such as login forms with usernames and passwords. There's a standard for that, and while it's not followed quite to the letter a lot of the time, it's something we can work with. Indeed, it would be pretty cool if we find a way for 1Password to understand stuff like security questions too in the future. Maybe machine learning. I don't know. We'll see what we can come up with. Cheers! :)

This discussion has been closed.