Submitting a feature enhancement

Occasional Contributor

2 years ago

Correct, I primarily use Safari when on my Apple devices. However, being a retired IT security guy, and geek, I have a number of both Apple and Windows devices and I play around with a number of browsers, including Brave, Vivaldi, and Chrome with privacy extensions and the unwanted behavior happens on a few of these, though as you mention Chrome is immune as it is more liberal on what is actually cleared with cache.

Though 1P doesn't automatically fill and submit without any user intervention, one could theoretically script using injected keyboard controls, such as down-arrow to a 1P login, tabbing to edit boxes, and injecting other keystrokes such as Enter.

I spoke with one of the Google Engineers that was part of the Chrome project back in 2005(ish) and I was complaining about the problem with browser based password managers. His response was a little eyebrow-rising, "If your browser is compromised all bets are off". Microsoft security engineering for Edge in 2020 was disappointed that I didn't direct my company towards Edge password manager and instead went to a dedicated password manager as having better security and functionality. But I digress.

Good password managers are pretty bullet proof. It is the browser extensions for them that you have to worry about.

Thanks for listening.

Forum Discussion

Featured discussions

November at 1Password: the Access-Trust gap, planning your estate, and an updated unlock experience

Recent discussions

crypto.randomUUID is not a function S @ inject-content-scripts.js:5

Passkeys stopped working last week - Samsung S25 Ultra

I don't see the 1password icon in form fields of some websites?

Feature Request: Add Zip code field for credit cards

Passkey autofill behavior on Crewbloom login (Safari + 1Password)