Reveal Passwords
Paula Shuffleburg
Pinned fields will default to copying the value of the field, but it is actually possible to change the default behavior on a per-field basis. If you Tap and Hold a pinned field, you should be able to tap "Default Action" and there you will be able to toggle between "Copy" and "Show in Large Type".
To help understand and advocate for your requests, can you elaborate on the use cases that you have for revealing vs copying? From what we have seen, copying is the desired command far more often since you can copy the password, switch to another app, and paste it. And this is usually for cases where the extension or the autofill feature couldn't do it for you.
I already noticed this change as I got 1Password 8 for iOS finally today (and in the TestFlight now, after checking every day for two months for a slot, ha). I'm happy enough with most changes so far, but a single tap to reveal a (non-large, ideally--that's hard to read!) password is definitely necessary. I use this on my Mac regularly and also my phone. For example, I'm occasionally working with computers (I'm an IT consultant) that are new and I need to enter administrative credentials visually from my phone into the computer.
Or, I occasionally hand check deposits at my front desk with the check scanner when my front desk person is out of the office on vacation. I log into the computer with a Yubikey and AzureAD, but my bank requires a company number/username/password and then a PIN and 6-digit code from their own hardware ID. I don't want to install 1Password on that computer as I don't use it otherwise, so I'm fine typing the bank password in, but need to do so visually from my phone screen.
I'm usually in a hurry, and want to just tap to reveal--it's long, and shows up much better in the text box than with the Large Type field, as well. I don't use it often, so I don't want to pin it, but I do have it in my Favorites--it's already been annoying to have to open the item to view the password (the Favorites list in 1Password 7 and then reveal the password (the drop down means not waiting for tap-and-hold) and type it. Tap-and-hold is too long, it should be reserved for much more infrequent things now that Apple killed Force Touch where I could just hard-tap faster to access what is now tap-and-hold (now that Force Touch is sadly entirely dead--so nice to force touch the keyboard to position the text caret, now a long-touch wait on the space bar is required to do the same :-( )
Yep. Leave it is as user own choice as a possibility to customize behaviour. Do not anticipate what most of your users usually do. I suppose it is not a rocket science to make it personally customized.
I also have the use case of using 1Password 8 on my phone to access passwords that I then type in on a variety of other devices: work laptop, spouse's laptop, some annoying app/site on my iPad that autofill won't work on and it's easier to to reference it from my phone than try and switch between apps on the iPad.
Hi - I'm not sure when this happened, but I just noticed in the iOS beta earlier this week that there's a new triple-dot menu that contains an option to "Reveal" any concealed fields. This is just what I was looking for - thank you!
I'm going to add my 2 cents here: I constantly need to be able to SEE the password and having to touch it to get it revealed is super annoying and time wasting. If I open the app to get a password, and navigate to that item in the app, I want to see the pw I am seeking as quickly as possible without having to do any extra steps. No one is looking over my shoulder trying to see my passwords, so show it to me with as few keystrokes as possible please. I'd like a default where if I navigate to a login record, the pw is defaulted to be visible. Thanks for intaking my opinion on this.
I already know that Windows 8, Windows 8.1, Internet Explorer 10 and Internet Explorer 11 (1). Cursory research did not reveal any other browsers with the "reveal password" feature, but do you know of any others?
The main security risk exists for browsers that save passwords for users to use when auto-completing fields. This means a user might leave their desk and someone who knows their username could cause the password to be populated by auto-completion and then reveal the password using the browser feature.
To answer your particular question, all browsers on OS X theoretically allow users' passwords to be shown in plain text (via the Keychain Access utility), but not within the browser. There is a Firefox Add-on called Show Password, a Chrome Extension called HTML Revealer and Password Revealer, and a Safari Extension called ShowPass all designed to emulate the same function in their own ways.
If you ask this question on security.stackexchange, the answer will be definite - don't reveal password, ever. It's akin to the poor practice of clicking forgotten password and being emailed your plain-text password, rather than a set of instructions on resetting it. While a user may get frustrated with this UX (Why can't I just see my password right now? Why do I have to reset my password?), security best practices are more important.
Incidentally, any browser allows you to reveal your password due to the mutable nature of DOM (document object model, a in-browser representation of page html). I've used this many-a-time whenever Chrome has better memory than I (normally my "user story" is that I have to log in from another device, and don't remember the password). To test this, go to any login page that your browser stores credentials for, like office365 below:
You may have to type in your username before the password asterisks appear, now inspect the password field (in most browsers it's done via right click -> inspect element). If you delete the type="password" attribute, the password field will default to a vanilla text input and you will see the field's value in cleartext. I'm not adding that screenshot though :)
UX best practices are mostly related to hiding password from somebody nearby who can see your screen (which can also be a surveillance camera in a public place). This translates to stars in Windows XP and earlier and circles in Windows Vista and later, or to the characters being not displayed at all in Linux console (which also means that one can't know the length neither).
As for the revealing, the only UX concern related to security that I can see is to avoid the person to reveal the password by mistake, or to keep it revealed. That's why in Windows 8, the eye icon doesn't toggle between plain password and circles, but reveals the password only at mouse down event, and hides it again when the user releases the mouse button.
Whether you use a password manager like LastPass or let your browser store your passwords, your browser will always block the password box using asterisks for better security. To remove the mask and reveal your password, you just need to do a few things:
I lost my pppoe password, so I want to recover it from my router configuration setting but I am not succeeding after my lot of research on Internet. I used many password revealer tools but it can't help me actually they reveal's my password but after revealing another asterisk password appears
In inspect element mode of the browser and while you are on the password field change input type = password to input type = text :), man who would've thought hacking WiFi would be that easy through the browser.
I Know how to reveal that password in GPON ont, i was recently looking for PPPoE password too, i'm trying to change html code in inspect element, not working. I'm trying to access telnet on router, not working too, then i found 1 app for Windows, here it's called RouterPassView.
I can't provide you with precise instructions because you haven't specified you router's model, but what you want to do is to download a backup of your settings. Then you'll have to search for a tool or website that will allow you to decode backup file. The password should be readable in the output.
Have you ever forgotten the password to an important account? One of the most frustrating parts of entering a password can be those password dots that seem to blur our memory. It can be hard to remember which numbers, symbols, and letters you used at such a frustrating time.
Apart from that, it may help to group similar characters. For instance, if passwords require letters and numbers, group them using symbols. This is an effective way of finding the correct characters. Moreover, if you are still having trouble, try combinations that seem familiar and logical. With a little bit of trial and error, you can unlock the secrets you seek.
That's a valid concern. As it is, if someone takes your device it is very difficult to extract the master key password (you'd probably have to enable USB debugging, and somehow hack it from there). However with this change, it's just a press of a button. Chrome asks for the device password when doing this, but probably it would be hard for us to do the same from React Native.
So I think that should be at least discussed. Do we so badly need this feature that we make the app slightly less secure for it? And the thing is, it's not optional, even users who will never need this feature would still have it there, with their password easily exposed at the press of a button.
There's no Joplin master key though? For Chrome for instance it asks for the device password (or finger print) to reveal the master key. I think that would be the right way, but probably difficult to implement as you need to access native features.
I think that some kind of permission prompt should be added with a privacy policy entry added for this. Many mobile devices have a 4 or 6 digit pin approach to this and desktop could implement a similar approach.
Hi I recently cleared my cookies and logged myself out of an email account, previously this was saved in passwords now when I go to view the passwords to the two gmail accounts I have it only shows one for google. It says next to it 'and 1 more'. But when I click to open it up it only shows the one password.
c80f0f1006