type in a password manually but have it masked

Hi (again) @pathfinder76

You're right that 1Password doesn't obscure anything when you're editing it, only when you view it afterwards.

This is mostly for accuracy purposes so that you can see what you're doing, but also to prevent a false sense of security. For example, if someone was watching over your shoulder, they would still see the character you're entering (because the last character is briefly shown before being obscured) or by seeing what key you tapped on the keyboard. Obscuring inputs might make people think that shoulder-surfing is impossible in that situation and it really isn't. Even when the input isn't shown briefly before being obscured (like entering your iPhone's passcode), it's still understood that if someone can see the keys you tap, the result is the same. Having everything shown in plaintext (while editing) reminds the user to take care about their current surroundings, which is of a greater benefit overall, just like if you were entering your PIN into a credit card terminal or ATM.

Relatedly, we'd recommend generating passwords wherever possible. The password generator's recipe can be changed to accommodate a wide variety of situations. This helps minimise the number of times you might need to manually enter a password into 1Password, and drastically reduces the amount of time that it's shown in plaintext – it's very unlikely anyone shoulder-surfing is going to memorise a password like U!o*X7w8EAoWQC2u in the time between it being generated and you tapping Save.

I hope that goes some way to explaining why 1Password works the way it does, but let me know if you have any questions. :)

— Grey

@pathfinder76

When you're not actively editing an item, it makes sense to obscure the password field, since you can still Copy it to the clipboard without having to reveal it first. It's only when you're editing an item or have tapped Reveal on a password field that you'll see the password in plaintext.

In web browsers, password fields are designed to be obscured by the web developer, and 1Password can autofill into those anyway, so there wouldn't be any real need to show it in plaintext there.

@pathfinder76

If the password was masked in edit mode then how would you know that you typed the password into 1Password correctly? I foresee that an option to mask the password would create a situation where users would type in a password while masked and not know that they made a typo until they tried to use that password days or months later only to find out that it hadn't been accurately entered into 1Password.

Can you clarify a little further about what kind of threat you're trying to protect against? If you're concerned that you're in an area where someone might peek at your screen while editing a password then I would suggest that you wait to edit that password until you've moved to a safe area.

-Dave