Os X Text Expansion



TextExpander expands snippets in response to what you type. But when you are typing a password or entering other sensitive information, a feature called Secure Input ensures that TextExpander—along with other applications—can’t see what you’re typing. QuickKey is the first text expansion app built specifically for complete compatibility with the App Store and all Mac security measures. It is fully compatible with macOS High Sierra and sandboxing. It requires no special permissions to work.

TL;DR (too long, don’t read)

First, quit and re-launch Chrome. If a website requests a password while Chrome is in the background, that can lead to incorrect reporting of the app which has enabled secure input. This happens to us all the time with our online accounting software. (We’ve filed bugs with Apple and the Chromium project on the topic.)

If that doesn’t sort it, please read on…

How TextExpander Works

TextExpander expands snippets in response to what you type. But when you are typing a password or entering other sensitive information, a feature called Secure Input ensures that TextExpander—along with other applications—can’t see what you’re typing.

Normally, Secure Input is a good thing; you wouldn’t want TextExpander or any other applications to see your passwords. Secure Input is usually turned off as soon as you leave the password field or sensitive information area. But sometimes Secure Input will stay enabled even after you are finished typing sensitive information. In such cases, TextExpander will stop functioning until Secure Input is disabled.

How Secure Input Can Cause a Problem

As you type characters on your keyboard, they pass through parts of OS X and are usually handed to the active application. There, they will appear on the screen as parts of words, or they might be treated as commands, or they’ll be handled some other way. Applications such as TextExpander can register to see characters that you type, and even modify them, before the active application receives them. This observation of your typing is called key logging, and it is how TextExpander knows that you have typed an abbreviation that should be expanded into its snippet.

Any application can prevent key logging by enabling Secure Input. With Secure Input enabled, all typing is passed directly to the active application—no other applications can observe your typing. This way, Secure Input ensures that no malicious key-logging software or “spy-ware” will be able to see your sensitive data.

Secure Input is generally enabled when you type into a password field. Some applications also enable Secure Input at other times, which is appropriate as long as they turn Secure Input off once it is no longer required. Apple has published a technical note which specifies how and when Secure Input should be turned on and off.

How to Fix It

Os X Text Expansion Software

Unfortunately, there are a few situations where Secure Input is left in its “enabled” state when it should not be—when you have finished entering sensitive information, or when you have begun to use a different application than the one that turned on Secure Input. In these cases, you will not be able to use TextExpander until Secure Input is disabled. So how can you disable Secure Input?

TextExpander will let you know when Secure Input is enabled by updating its menu bar item to indicate that expansion is disabled. If the application enabling Secure Input is not the current application, TextExpander adds a “caution” symbol to its menu bar icon and Dock icon. (TextExpander checks Secure Input status about every 15 seconds, so the icon display may lag a bit behind the actual state.) While the menu icon displays as disabled, the “Secure Input enabled by (app name) / Secure Input Prevents Expansion…” menu item indicates which application appears to have enabled Secure Input. Quitting that application will disable Secure Input, allowing TextExpander to function again.

TextTool

Work-around

In some cases you can avoid Secure Input remaining enabled if you turn off any auto-submit feature of an auto-login that you are using.

Instead, once you fill the password field, or your auto-login fills the password field, click whatever “Login” or “Submit” button is provided along with the password rather than pressing the Return key on your keyboard.

However, depending on the individual application, there may be other ways to avoid this problem. If you’ve having trouble with an app enabling “Secure Input” or getting the “Expansion Disabled” message, check to see if the app you’re having trouble with is listed here. If it’s not, please 1Password

1Password

On Mac OS X 10.8 Mountain Lion, 1Password will enable Secure Input mode while it’s hidden. This will happen when choosing the “Hide 1Password” menu option or choosing “Hide Others” when 1Password is running. Minimizing 1Password or leaving it visible in the background will not cause this problem.

Update: Should be fixed for 1Password 4.

Box

Expansion

The Box Sync application leaves Secure Event Input enabled after you log in. Quitting Box Sync and starting it again solves the problem. (As of January 2014).

Chronories

Chronories enables Secure Input whenever it is active, but expansion is disabled only within Chronories. We don’t know if there is an option to turn this off.

Firefox

If you encounter trouble with Firefox, please update to the latest version; older versions of Firefox had a bug which could cause Secure Input to remain enabled incorrectly.

Update: Should be resolved as of November 2012 build.

Fluid

Fluid enables Secure Input and never disables it when a password field is focused while submitting a form. Focusing on another field or removing the focus works around the issue. The Fluid author is aware of the problem and hopes to fix it in a future update.

Game Center

After logging into Game Center within a game application, GameKit can incorrectly leave Secure Event Input enabled afterwards. We have filed a bug with Apple regarding this problem.

Work-around: Launch Activity Monitor, an app found in the Utilities folder of Applications. Locate Game Center in the Process Name list, select it, click the X “stop sign” button at the top left of the window, and choose “Force Quit” to force GameKit to exit, disabling Secure Event Input. (As of February, 2015)

Google Chrome

Chrome sometimes fails to turn Secure Input back off after typing in a password field, particularly if the cursor is still in a password field when the password is submitted. If you find a specific sequence of events that causes this problem, please let us know, and let the Google Chrome team know so they can reevaluate this behavior. A quit and restart of Chrome will restore TextExpander.

Hulu Desktop

Hulu Desktop currently enables Secure Input as soon as it is launched, and leaves it enabled until you quit. Your television viewing habits are probably not a secret! We encourage you to contact Hulu so they can fix this.

iFinance

iFinance enables Secure Input at launch and never disables it. You might offer feedback to the developer that this is not how to use Secure Input properly.

LastPass

LastPass will currently enable Secure Input on Google Chrome as long as you are logged in to LastPass. There’s a fix for this in the works; upgrading to the latest prebuild of LastPass will resolve the issue, and that solution should be coming to the release version of LastPass soon. In the meantime, this forum post on the topic sheds a bit of light on this issue.

Update: Should be fixed as of August 2012 build.

loginwindow

When TextExpander tells you the name of the application that has enabled secure input, it’s giving you a “best guess” that’s sometimes inaccurate. When TextExpander reports that “loginwindow” has enabled secure input, it’s likely that TextExpander can’t quite tell which application has enabled secure input, so instead it’s showing that application’s “ancestor, ” loginwindow. This can also happen when OS X itself has left secure input enabled after you’ve logged in, or after you’ve entered your password to wake the computer from sleep or from screensaver. If it is the screen saver, a restart of your Mac will enable TextExpander. If it is not the loginwindow, try quitting your other running apps. Once the offending app is quit, TextExpander will immediately re-enable. You can use this to determine which app is leaving secure input enabled.

Notational Velocity

The Notes portion of Notational Velocity’s preferences has an option for “Secure Text Entry.” This enables Secure Input while editing within Notational Velocity. Turn this off to permit the use of TextExpander within Notational Velocity. Newer versions only enable Secure Input while Notational Velocity is active, but older versions left Secure Input on until you Quit.

Parallels Desktop 9 and 10

Upon installation, Parallels enables Secure Input when you are asked to login to “Parallels Access.” Quit the Access app and TextExpander should re-enable. Guitar rig 5 presets. (As of September 2014).

Quicken Scheduler

This application automates acquisition of financial data for Quicken. For some reason, it enables Secure Input. You can run the Activity Monitor utility and quit Quicken Scheduler, or if you disable all “Scheduled Updates” in Quicken, Quicken Scheduler will quit.

Safari

Safari 7 in Mavericks and Yosemite can leave Secure Input enabled on certain secure web pages when the “User names and passwords” option is turned on in Safari’s Preferences > Autofill tab.

To fix this, close the tab or window you have open. If that doesn’t work, quit and restart Safari. (As of February 2015).

Slack

The initial login for the Slack app will disable TextExpander. Quit and restart the Slack app to re-enable TextExpander. The Slack app stays logged in. (As of March 2014).

Terminal

Terminal has a “Secure Keyboard Entry” menu item so you can turn Secure Input on and off within Terminal. You should probably enable this when entering passwords. Turn it off again afterwards to enable TextExpander expansion.

Other terminal applications such as iTerm2 have similar settings.

Expansion

Webroot SecureAnywhere

Webroot SecureAnywhere turns on secure input and leaves it on by default. To turn it off, choose “Pause Secure Keyboard Entry” from the Webroot SecureAnywhere menu item.

Since the upgrade to OS X 10.9 Mavericks and iOS 7 you may have noticed that your text expansion shortcuts from iOS have found their way onto your Mac. Thanks to iCloud all of your text shortcuts are now synchronised between your devices.

To create or edit these shortcuts on your Mac follow these steps.

  • Open up “System Preferences” and click “Keyboard”
  • Select the “Text” option from the menu
  • Once you’re here you’ll find all of your iOS text shortcuts. iOS automatically gives you a couple of examples so even if you’ve never set any before you should see some items listed here.

Os X Text Expansion Reader

  • To add more just click the “+” symbol in the bottom left corner and then put in the shortcode you want to use, press enter, and then enter the text you want to replace it with.

Os X Text Expansion Tool

Some symbols like © or ™ are not available on a standard keyboard so why not create shortcuts for these like © and TM respectively.