iOS 12 and the new Password API
Comments
-
At the moment this is the only documention we have on Password AutoFill:
Use 1Password to fill and save on your iPhone and iPad
I’ll let our documentation team know of the request for an overview of what happens ‘under the hood.’ Thanks!
Ben
0 -
You’re probably right, but we do have documentation on how that works for anyone interested:
About Face ID security in 1Password for iOS
Ben
0 -
You’re welcome. :+1:
Ben
0 -
I have multiple vaults in my 1Password account, but set the All Vaults setting to exclude a few of them that are only used occasionally. When I fill the old-fashioned way using the share sheet, only passwords from the included vaults are presented. When I use the new API integration, passwords from the excluded vaults still show up. Am I missing a setting somewhere?
Thanks.
1Password Version: 7.2
Extension Version: Not Provided
OS Version: iOS 12
Sync Type: 1Password account0 -
I’ve merged your thread with another on the same subject. Please see this post. Thanks!
Ben
0 -
@ag_kevin Please add a +1 for limiting vaults when using the auto fill API. I’ve set the preferences in 1Password to exclude a few vaults from All Vaults. It would be great if the new auto fill would respect that setting.
Thanks.
0 -
+1 for limiting vaults when using auto fill.
Also, when the keyboard displays initial 1P info in the center, it is showing way too much info, such as login info (no passwords of course) to the website which, as stated by others, can be seen by “over shoulder lookers”. It should just show the title instead.
0 -
@Ben I think @1Ray means additional entries for secondary passwords such as decryption keys that might until now have been stored alongside the main entry in the vault.
@ag_kevin Do you mean that 1P is not allowed show the full item information in the UI it presents for autofill? The UI presented by the old extension is much more complete, and allows the user to browse all the info in an item by tapping the (i) button.
0 -
Hi @johnnywoz ,
The login information shown above the keyboard is not configurable by 1Password. When you bring up the 1Password UI, we are able to configure that. We have more control over what is displayed there. We do show the item title and username there to help distinguish items when there is more than one login for a given site, but we can consider tweaking that.
@glessard , I'll send your feedback along to the rest of the team about enabling the ⓘ button.
Cheers,
Kevin0 -
Okay, thank you for the additional information, but I think perhaps we're still not 100% on the same page. This would be a field other than your username, password, and TOTP code that is required to log in? Do you have an example of such a form?
In cases where that is required it may make sense to continue using our extension, rather than Password AutoFill. As far as I'm aware Password AutoFill is limited to filling usernames and passwords -- it doesn't handle additional fields at the moment.
Ben
0 -
@Ben It's not one form as much as a set of forms...
A first example is security questions. I set my questions to ones for which there is no possible answer, then use generated random-words-passwords as answers, which I save in 1P. If I have to enter those, I would prefer to be able to get to them through autofill if at all possible -- less friction is better.Example 2: in Backblaze, you get your best possible security by defining a custom encryption key for your data store. So, in order to restore, you then need to (step 1) log in with your username and password, and (step 2) enter your encryption key in some additional field in the UI. In Backblaze's iOS app, this additional field allows you to invoke autofill and 1P's UI comes up; however since I've set up that encryption key as a secondary password in my 1P item, I cannot get through it from autofill. The old extension has a much more complete UI; it seems there was too little code reuse!
0 -
Password AutoFill doesn't have the ability to fill these things, but it may be possible for us to display them in the UI when tapping on the key icon. Thanks for the feedback. :+1:
Ben
0 -
Okay, thank you for the additional information, but I think perhaps we're still not 100% on the same page. This would be a field other than your username, password, and TOTP code that is required to log in? Do you have an example of such a form?
Yes, some banks have the irritating habit of asking for a different password (though it's not actually a password), such as your mother's maiden name, your first school etc. The problem is that they rotate the password they ask for. (Technically speaking, it's not a password, though the field is masked).
In other cases, say for a backup/restore service, the login can ask for a password to log into the service, then a separate password for the encryption key. It would be great if they could be stored on the same 1P record, but in this case, I think we'd have to just have a separate record.
0 -
I just tried this out for creating a new login, but it looks like the generated password is lost. I can't find it as either a password or a login. I assume that's not supposed to happen?
0 -
I am a little confused how the security works behind this. When I open an app and bring up the login screen, I see the suggested username from 1P. However it never prompted me to login to 1P to retrieve the username/pw. Is there a 'timeout' for when it will prompt me to login to 1P? If someone can login to my phone it seems like they can open any app and log in with out being logging into 1P.
I know I can turn this feature off an go back to the old way.
Thanks for any input you can provide.
0 -
That's the thing i even asked for.
https://discussions.agilebits.com/discussion/comment/461350/#Comment_4613500 -
I just tried this out for creating a new login, but it looks like the generated password is lost. I can't find it as either a password or a login. I assume that's not supposed to happen?
@invictus26: What did you actually do? Do you maybe have iCloud Keychain enabled and saved it there instead of 1Password? Please let me know the specifics.
0 -
I am a little confused how the security works behind this. When I open an app and bring up the login screen, I see the suggested username from 1P. However it never prompted me to login to 1P to retrieve the username/pw. Is there a 'timeout' for when it will prompt me to login to 1P? If someone can login to my phone it seems like they can open any app and log in with out being logging into 1P.
@davethis: I'm not sure I follow. I'm prompted for Touch ID any time I select login credentials to fill using the iOS 12 Password Autofill UI. And if I do so through 1Password instead, it uses the security settings I've configured there. Maybe you just want to enable 1Password Settings > Security > Lock on Exit to make the experience between the two more consistent. If you had something else in mind, let me know the specifics.
I know I can turn this feature off an go back to the old way. Thanks for any input you can provide.
Yep! Also, technically, you can still use the old 1Password iOS extension without disabling Autofill — very handy for using stuff other than login credentials. :)
0 -
@brenty
I meant this sentence in the Changelog:You can even create new logins with strong, unique passwords, all without having to open the main 1Password app.
Not only that, if you have a 1Password membership your information will automatically be kept up to date across all your devices and computers when using Password AutoFill. It’s just wonderful.This reads as if the vault is then saved in clear on the iPhone and you no longer need to install 1P on the other devices.
In any case, I understand it this way. ;)0 -
@brenty Thanks for the reply. For my 1P setting, I have Lock on Exit enabled and Prompt after 1 minute selected. If I open an app, on the credentials page, I am never prompted for for Face ID, I never see the Face ID animation. I see and can tap on the username for that app an it fills in the creds. ( I even tried covering the camera just in case Face ID was happening in the background)
In the Password settings for the Phone I disabled/enable AutoFill and restarted the phone but still the creds are filled in without Face ID.
So weird.
I can probably take video of this evening, any way to PM you the video or link to it?
Thanks!!
0 -
Could you please try enabling 1Password > Settings > Advanced > Security > Always show lock screen for Password AutoFill? If that does not resolve the issue we’d be happy to review a video. If you upload the video to YouTube or similar you can post the link here (if nothing sensitive is shown) or email it to us at
support+forum@1password.com. If you email it please post the support ID you’ll receive when you send your message here.Ben
0 -
@Ben Thanks, once enabled that is the way I expected it to work OOTB. Maybe suggest to your product or dev team to move the setting so it is not as buried. Or maybe make this the default behavior and let users turn it off. Better to have more than less security.
Thanks again!!
0 -
Glad that helped. I haven't heard feedback from anyone else who wanted or expected) it to work that way, so I think it's probably a good default, but I'm glad we're able to offer an option to get the behaviour you wanted. :)
0 -
@brenty I went to invisionapp.com and tapped the get started button, entered my email and then tapped the passwords button on the keyboard, which brought up the 1P interface. I tapped the Create Login button, generated a password, and then it filled it into the form.
I don't have iCloud keychain enabled either in general or for autofill.
0
