1Password's use of Secure Input

Super Contributor

4 years ago

I'm guessing this is a side effect of SecureInput.
This behavior happens when any text field in 1Password is active.
And when any text field is active, Secure Event Input is enabled.

1Password 8 uses SecureInput very broadly. Even the Keyboard Shortcuts fields activate SecureInput!

while sleep 1; do ioreg -l -d 1 -w 0 | grep SecureInput; date; done

Do ALL fields need to enable SecureInput?
Or maybe just the Master Password and other Password fields when they're masked??

Safari only enables SecureInput when entering text in masked Password fields, not when they've been revealed
BitWarden also only enables SecureInput for Password fields while they're masked
The macOS/Safari password manager doesn't mask Passwords, and doesn't enable SecureInput

Does the Search field need to enable SecureInput? I don't think it should, and it's the most annoying.
* Quick Access doesn't enable SecureInput for the search field
* Neither does 1Password 7
* Neither do the browser extensions
* Neither does the macOS/Safari password manager
* Neither does Keychain Access
* Nor BitWarden or LastPass
* https://developer.apple.com/library/archive/technotes/tn2150/_index.html

Notes fields are also annoying. No other apps enable SecureInput for Notes fields.

I'm curious what threat is being addressed.

Interestingly, the macOS and Safari password managers use SecureInput for initial unlock, but they don't prevent a newly-launched app from getting focus, which comes full circle to my original post. :-)

Forum Discussion

Featured discussions

September at 1Password: Browser versions, enhanced security, and new integrations

Recent discussions

To permanently delete 1password account & all data

Issue with 1Password Browser Extension Not Searching Note Fields

Password entry gets converted to a Login entry

Allow copying as pasting a passkey

Can't set "purchase date" field expiry in future