Android beta exposes TOTP secrets when editing logins that have them

dcormier
dcormier
Community Member
edited April 2018 in Android

When editing a login with a TOTP field, the value in that field is exposed. Contrast this with the password field which you have to tap on before it is revealed.

On the Mac app (7.0.BETA-9), this field is protected until selected, like the password field.


1Password Version: 7.0.BETA-5
Extension Version: Not Provided
OS Version: Android 8.1
Sync Type: Not Provided

Comments

  • mverde
    edited April 2018

    @dcormier Thanks for pointing this out. I think it makes sense to have the TOTP field obfuscated in edit mode until you move the focus to that text field. It's also better to handle things consistently between the clients apps. With that in mind, I'll have my team look into fixing this.

    ref: OPA-1539

  • dcormier
    dcormier
    Community Member

    I think it makes sense to have the TOTP field obfuscated in edit mode until you move the focus to that text field. It's also better to handle things consistently between the clients apps.

    That was my thinking, too.

    With that in mind, I'll have my team look into fixing this.

    Thanks! That's what I was hoping for.

  • AGAlumB
    AGAlumB
    1Password Alumni

    :) :+1:

  • @dcormier I'm happy to say that we addressed this issue when we completed the redesign of the item detail screen. That was a little while ago, but I came across this thread today and wanted to be sure to update you. If you're on the latest beta, you should see the TOTP secret concealed in edit mode, unless the focus is on that particular field. Thanks for reporting the issue!

  • dcormier
    dcormier
    Community Member

    Thanks for letting me know, @mverde!

This discussion has been closed.