Concerns About 1P 8 for Mac from a Web and Software Developer

roustem

The problem with "hold Option key to reveal passwords" is that it was too easy to do that accidentally.

Is it really? Can't say I've ever done it, and even if I had, pressing macOS modifier keys is a brief split second action in general. Anyone "shoulder-surfing" would have to have superhuman photographic recall to read and memorise a long complex password in a second or less.

Have you done any research into how often customers are actively using 1Password whilst screen-sharing or with someone looking over their shoulder? And then out of those people, how many regularly 'accidentally' press the Option key long enough for someone to accurately read and memorise the password? I can't imagine the number is very high. And what about lone users, who never screen-share or have anyone looking over their shoulder? Why can't they be trusted to enable this option and use the feature. Why should you dictate what is best for everyone, based on some dubious belief that a significant enough number of users are 'accidentally' revealing their passwords?

What about people who might accidentally leave their computer unlocked and 1Password open when going to get a coffee in their office? It only takes a couple of seconds to export a file of ALL vault data... Surely this is a much bigger risk than a brief glimpse at a single long password on-screen. The export function doesn't even ask the user to confirm their master password before handing over all the data!!!