Holding down option (⌥) / alt to reveal passwords

2»

Comments

  • Yeah, cmd-r isn't exactly a great choice when using something in combination with a browser. ;)

  • +1
    This is just one more thing that is really annoying in 8.

  • +1
    I really liked the elegance of the 1PW 7 solution just pressing Option/Alt although I see that it might be problematic in screen sharing situation.

  • BenBen AWS Team

    Team Member

    Hey folks. ⌘R isn't applicable to the browser extension. We don't have a keyboard shortcut to reveal there, at this point. I too liked ⌥, but it caused problems for a lot of folks particularly w/r/t screen sharing.

    Ben

  • Why not make the shortcut configurable and explicitly allow to set just a modifier key without any additional key? The default could be an ordinary modifier + key. Anyone who likes to could then change to Alt / Option only.

  • BenBen AWS Team

    Team Member

    I think customization could be possible here, but having only a modifier key is what is problematic. Holding alt, shift, etc all happens as part of normal typing and as a result can unintentionally cause information to leak.

    Ben

  • I don't know how many people have 1P as their frontmost window in situations where they are concerned about an information leak.
    I only have 1P open when I am actively using it for logging in to some service.

  • @Ben the problems regarding modifier only shortcuts during typing can be solved by using local or focus based shortcuts. In contrast to global shortcuts that work even than 1PW‘s window is hidden local ones work only if the application/1PW is the active foreground window. With additional constraints like enabling only if the user is not editing or creating items one could further reduce the risk of unintended use. It‘s slightly more work on the development side but it‘s possible. We use this kind of shortcuts in a mission critical broadcast application all the time.

  • BenBen AWS Team

    Team Member

    I don't know that this is only a concern where 1Password isn't the foremost application. I don't think it is entirely uncommon that someone is, e.g., giving a presentation and needs to log in to a service. I've certainly had to do that myself. They might then try to alt+tab to another window and inadvertently reveal information. In any event, we'll continue to evaluate how to best offer the ability to temporarily reveal passwords without offering too much opportunity to reveal sensitive information unintentionally.

    Ben

  • how about doing alt + ctrl/cmd ?

  • Why alt + ctrl/cmd?

  • I had to come here to find out about ⌘R as it is not mentioned in the ⌘/ popup. ⌘R indeed seems a poor choice if it doen't work in the browser extension.

  • Ben,
    I understand your concern about providing the most safe way to hold password, and thus your worries that some information might be inadvertently revealed while screen sharing. I get that, really.
    But I also know that you certainly have a variety of users, some less educated and some much more.
    More educated users know, for example, that they should share just one window at a time, not just to avoid revealing passwords by accident, but also to avoid revealing any other kind of information that might be on their desktop.
    And more educated users could choose to use a potentially less secure – but at the same time much more convenient – shortcut to quickly reveal their passwords.
    So, maybe use a more robust shortcut as a default and warn the user that using a shortcut like just ⌥ is potentially dangerous, but let the user choose this, please.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file