Suggested enhancement to item sharing

thedean
thedean
Community Member

I love item sharing in 1Password... but I would like to suggest an improvement in the workflow for item sharing.

Currently when you share an item "with only some people", after clicking on the generated link, the recipient is prompted by the browser app to enter their email address. If the recipient mis-keys their email address, the browser app just accepts the invalid email address anyway without any verification, and then later sends out an email stating that "This item is not shared with xxx.xxx@gmail.com". Of course, since the recipient had mis-keyed their email address, they will never see the email or the error message.

I would suggest that a better way to handle this process is to validate the email address at the point of data entry. The browser app should have access to the list of intended recipients created by the sender, so it should be able to complete the verification in real time and provide an immediate error message at the point of data entry. This would allow the recipient to correct the typo before the confirmation email with the verification code is ever generated.

I believe that handling typo's in this way will provide a better and more streamlined user experience. Is this possible to do?

Thanks,
Dean


1Password Version: 8.9.1
Extension Version: 2.3.7
OS Version: macOS 12.5
Browser:_ Firefox

Comments

  • Hi @thedean:

    Thanks for your thoughts! Similar to how entering an incorrect username or password on a well designed website says "incorrect username/password" rather than "incorrect username" or "incorrect password", we don't want to share any information about who it's shared with. For example, if someone were to come across a specific-people share link, it would be possible to enter in emails, receive a "wrong email address" message, and then know which email address it was shared with by not receiving the "wrong email address" message. With how this currently works however, only the individual with access to that email account is able to know that item has been shared with them.

    I can definitely see how this isn't ideal however, so I've shared your feedback with the team. While I can't promise anything specifically, we use feedback like yours to inform the future of 1Password.

    Jack

  • thedean
    thedean
    Community Member

    Jack:

    With an infinite universe of email addresses, I find it hard to believe that returning an error message stating that a single email address is invalid is a material security risk. Taking your logic to its ultimate conclusion, when I log into 1Password.com and mis-key my email address, your should never display the attached error message, but instead you just send an email message to the invalid address stating that something was entered incorrectly.

    I don't believe this is a security issue, but rather an ease of use issue. Thank you for sharing my request with the team.

    Thanks,
    Dean

  • You're very welcome @thedean.

    Feel free to get in touch if there's anything else we can help you with.

    Jack

This discussion has been closed.