Passwords copied to the clipboard from the browser extensions are not marked as Concealed

Is this still not solved?

Hi, any updates on this? This is causing pasted contents to be visible across my devices (with any sort of "paste/clipboard" apps), and is a severe security risk, especially given that all of these apps already handle sensitive information and pastes from 1PW apps as well...!

If possible, please prioritize this. Thanks

Hey @efenner:

Thanks for your follow-up. Indeed you're right, Quick Access is working with the desktop app, and not the browser extension. While I can't promise anything, this is something we're aware of. In the meantime, if you're concerned about your clipboard manager saving your credentials, copying from Quick Access or the full 1Password app would be your best bet.

Jack

Hi @"jack.platten" , thanks for your reply. If there is not a solution for this, I see it as a major vulnerability.

I just tested, and copying the password using Quick Access doesn't have this issue, presumably since that is connected to the local app rather than the browser extension, but I don't find that as convenient or intuitive as 1Password mini or the 1Password 7 implementation. Since the extension is what pops up when I am trying to fill the password, that is what I am most likely to use.

Please let me know if anything changes here or if there are any other methods that I might be missing.

Thanks!

Hey @efenner:

Great question! As 1Password in the browser is operating solely in the context in the browser, our clipboard management options are limited and as such, the concealed property isn't set when copying from 1Password in the browser. As for the difference in 1Password 7 for Safari, as 1Password 7 in Safari is heavily linked to 1Password 7 for Mac, we're able to set the property. We're always exploring options, and I've added your feedback to the internal issue we have regarding this. Thanks for asking!

Jack

ref: dev/core/core#159