TEXTEXPANDER AND SECURE INPUT
Passwords and Secrets
Secure Input should be enabled when you are typing a password or entering other sensitive information. TextExpander does not observe your typing when Secure Input is enabled. If Secure Input is enabled at other times, it may indicate a problem. Read on for more details.
Key Event Handling Introduction
As you type characters on your keyboard, they pass through parts of Mac OS X and are usually handed to the active application. There, they will appear on the screen as parts of words, or they might be treated as commands, or they'll be handled some other way. Applications such as TextExpander can register to “see” characters that you type, and even modify them, before the active application receives them. This observation of your typing is called key-logging, and it is how TextExpander “notices” that you have typed an abbreviation that should be expanded into its snippet.
Secure Input
Any application can enable Secure Input. With Secure Input enabled, all typing is passed directly to the active application — no other applications can observe your typing.
Secure Input is used for entering passwords and other sensitive information. This means that if malicious key-logging software or “spy-ware” somehow gets on your system, it cannot record your passwords.
Secure Input is generally enabled when you type into a password field (
). Some applications also enable Secure Input at other times.
Secure Input vs. TextExpander
As described above, key-logging is how TextExpander knows when you type abbreviations, so TextExpander obviously cannot operate while Secure Input is enabled.
Usually this is not a problem. You should not use snippets to type passwords, and Secure Input is usually turned off as soon as the text focus leaves the password field or sensitive information area.
Unfortunately, there are a few situations where it does become a problem. Known issues are discussed below. When TextExpander detects that Secure Input is enabled, it updates its menu bar icon to indicate expansion is disabled. If the application enabling Secure Input is not the current application, it adds a “caution” symbol. TextExpander also adds a “caution” symbol to its Dock icon when Secure Input is enabled. TextExpander checks Secure Input status about every 15 seconds, so the icon display may lag a bit behind the actual state. While the menu icon displays as disabled, the “Expansion Disabled (app name)…” menu item indicates which application appears to have enabled Secure Input. Selecting that menu item displays a dialog briefly explaining the situation.
Known Issues by Application
- Firefox
- Google Chrome
- Hulu Desktop
- iFinance
- Quicken Scheduler
- Notational Velocity
- Chronories
- Terminal
- Other Applications
Firefox
If you encounter trouble, please update to the latest Firefox, as there was an old bug which could cause Secure Input to remain enabled incorrectly.
Google Chrome
We are not sure of the details, but Chrome sometimes fails to turn Secure Input back off after typing in a password field. If you find a specific sequence of events that causes this problem, please let us know.
Hulu Desktop
Hulu Desktop apparently enables Secure Input as soon as it is launched, and leaves it enabled until you quit. Your television viewing habits are probably not a secret! We encourage you to contact Hulu so they can fix this.
iFinance
iFinance enables Secure Input at launch and never disables it. You might offer feedback to the developer that this is not how to use Secure Input properly.
Quicken Scheduler
This application automates acquisition of financial data for Quicken. For some reason, it enables Secure Input. You can run the Activity Monitor utility and quit Quicken Scheduler, or if you disable all "Scheduled Updates" in Quicken, Quicken Scheduler will quit.
Notational Velocity
The Notes portion of Notational Velocity's preferences has an option for “Secure Text Entry.” This enables Secure Input while editing within Notational Velocity. Turn this off to permit the use of TextExpander within Notational Velocity. Newer versions only enable Secure Input while Notational Velocity is active, but older versions left Secure Input on until you Quit.
Chronories
Chronories enables Secure Input whenever it is active, but expansion is disabled only within Chronories. We don't know if there is an option to turn this off.
Terminal
Terminal has a “Secure Keyboard Entry” menu item so you can turn Secure Input on and off within Terminal. You probably should enable this when entering passwords.
Other terminal applications such as iTerm2 have similar settings.
Other Applications
If you are having problems with Secure Input being enabled by some other application, let us know and we will investigate.
We have a 90-day money-back guarantee!
Take Control of TextExpander
New book from Take Control: The ultimate road map to becoming a TextExpander power user!
93 pp., $10
free sample | buy now
TextExpander touch
Now Available in the App Store!
With TextExpander touch, you can compose email messages, notes, and tweets on your iPhone or iPod touch using your TextExpander snippet library. $4.99.
Get it now! (App Store link)
Video Tutorial
Learn how to use TextExpander's simple but powerful features in our video tutorial series.
TextExpander on twitter
Twitter is a great way to keep up with the latest updates and to get useful TextExpander tips. And sometimes, we even give away prizes to our followers... Follow @TextExpander!
2010 Eddy Award Winner
What makes TextExpander a great app isn’t just that it’s so handy and so capable, but also the fact that it’s constantly evolving—refining its core tools, adding new ones, and adapting to an ever-changing technology landscape.