Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
Automatically signin for windows 10 with 7.7.819 does not work. +Wordpress Admin Issue
This is a show stopper feature for my... the option "Automatically sign in after filling the username and passwords" is already checked in the app but when I click on the link in the APP or the chrom...
Jack_P_1P
1Password Team
1Password TeamHi @kashif1:
1Password Teams has the ability to disable the "reveal" permission for users in vaults you specify.
However, again, please keep in mind that this only protects against casual or accidental password viewing or copying. Someone who is even slightly determined can simply edit the source on a page (or use a bookmarklet or extension to do it automatically). You can see a bunch of extensions that do this with a simple Google search.
https://www.google.com/search?q=reveal+password+extension
This is true for any password manager -- not just 1Password. If someone has the ability to use a password somewhere, they can view that password.
As an example from our 1Password Security Design white paper (page 36):
The administrators have come to be wary of how the dog Patty (see Story 6 for background) treats data. They want Patty to have access to the password for the dog door (they want her to be able to leave and enter as she pleases), but they do not want Patty to give that password to any of her friends should her paws accidentally press the ”reveal” button.
And so, the administrators limit Patty’s ability to reveal the password. She can fill it into the website that controls the dog door (she lives in a somewhat unusual household), but she cannot accidentally press 1Password’s “reveal” button while her friends are watching. This is protected by client policy.
But Patty is a clever dog. When she uses 1Password to fill in the website, she then uses her browser’s debugging tools to inspect what 1Password has inserted. She gets the password, and she tells it to all of her friends so they may come and visit.
The house is overrun with Patty’s friends running wild, and the administrators have learned an important lesson that client policy controls are easily evaded.
If someone once had access to a password, you must change it after they leave if you don't want them to have access to it. To assume they never revealed the password after it was filled (where it can no longer be controlled by 1Password or any other password manager) is not a safe assumption.
I hope that clarifies your concerns.
Cheers!
