Kyle,
> As for the pasteboard question. We tried using the suggested identifiers and found several applications were not handling it properly (pretty much the exact opposite of what they should've been doing) so we implemented our own. We may change it back in the future, but at this time I don't have any further information about that.
That makes little sense. My (our) primary proposal was that you provide
an identifier to signal when data contains a password. The secondary
suggestion was to use the identifier named
"org.nspasteboard.ConcealedType". If the latter caused trouble, then you
could as well have used your own identifier. Which is exactly what you did.
But instead of adding this identifier to ALL data you place into the
pasteboard, you should have added it only when you put a secret text in
there, such as a password, or anything else 1pw or its user wants
"highly protected". Or you could always add the identifier as you do
now, but use its value to say whether it's concealed or not. Instead,
you add the same value into this identifier that is already present in
the text flavor of the pasteboard. Which feels kind of redundant.
I guess 1pw mini also uses this identifier to clear the pasteboard after
90s, right? So, it checks if there's still the same value in the
pasteboard and clears it only then.
But this clearing is also only necessary (and desired) when the data is
"secret", such as a password. Therefore, I don't think you'll break
anything if you only added this new type to the pasteboard for secret
data but not for user names and other non-critical copies from 1pw.
So, yes, please reconsider this for the next minor update.
I also welcome you to discuss any concerns with us, i.e.
nspast...@googlegroups.com, where there's a few more tool developers
with clipboard related tools at hand.
> We felt we'd rather be on the cautionary side and not have applications record any data copied from 1Password. Most users have sensitive data in it and better to err on the side of caution than have users expect one thing but see another when it comes to security.
Fair point. Better this than nothing.
Though, I think the extra caution here is not necessary. If you really
believe that a user's login name is sensitive, then you should conceal
it the same way you conceal passwords. But you don't.
Furthermore, this is not about background programs stealing passwords
from the clipboard (they can do that without or without the extra
identifier), this is about letting the user (permanently) record or
otherwise work with the data in the clipboard. It is important that
other tools that look into the clipboard know when they must not store
the data without further protection. That's what the new type was meant
for. Now, however, these tools have to conceal even a user name, which
is not a good service to the user, I hope you agree.
Thomas