1Password has disabled the auto-submission of passwords in the latest version of its Mac app. The company says that the move has been forced on it by increased security measures in macOS Mojave, but that it agrees with the decision Apple has taken …
Earlier versions of 1Password can submit login details fully automatically, so you can be briefly presented with a login screen on a website and then logged-in without taking any action. This is because 1Password entered your password and also transmitted a carriage-return character.
However, macOS Mojave has placed ‘significant restrictions’ on the ability of apps to virtually press the return key, meaning 1Password can no longer do this. Reflecting this, 1Password has removed the auto-submission feature on all versions of macOS.
The company says that it has still made things as streamlined as possible.
1Password automatically leaves focus on the password field so there’s no need to click the submit button. Just press the Enter key and you’re all set. Alongside the Command-\ fill keyboard shortcut, it works quite well.
In a blog post, Apple team lead Michael Fey says he agrees with Apple’s rationale.
When 1Password automatically submits a password, it has no way of knowing whether it’s filling a password into a legitimate password field or something created by a nefarious website. If a password is automatically submitted, users are not given the opportunity to say “no” to submitting a form […]
We feel strongly that removing the ability to automatically submit passwords is the right call and protects not only a user’s experience, but also their security, too. I’ll be fully transparent, it’s taken some getting used to, but now that it’s part of my workflow… autosubmit? I don’t miss it.
Although the CTO of SaaS management platform Torii has commented that this offers only limited protection.
“When 1Password automatically submits a password, it has no way of knowing whether it’s filling a password into a legitimate password field or something created by a nefarious website” — there’s no real need for a submit, a malicious site can read input value attribute https://t.co/6I3Apaf3HN
— Tal Bereznitskey (@ketacode) October 12, 2018
Version 7.2 also has Safari support baked right into the app, so you no longer need to install a separate browser extension, and has additional protections against man-in-the-middle attacks. Apple has certified the app as being malware-free.
On the visual side, 1Password 7.2 also supports dark mode. 1Password is a free download from the Mac App Store, with a 30-day trial, but then requires a subscription.