[revelation]

If you can't trust your system, there is no point in encryption. There is an innumerable number of ways an attacker can get your password if you assume the attacker has system privileges.

If you have loopback sniffing privileges, you could just also ReadProcessMemory the password right out of 1passwords memory.

[nikolay]

If this was an easy task to tackle, we wouldn't be paying a commercial entity to take care of it.

[revelation]

You're not understanding. The only solution to this "problem" is to not give the computer access to the password, which defeats the purpose.

But the moment you trust the password to a compromised computer, it's game over.

[nikolay]

No, I understand, but it looks like browsers can tackle this better than any third-party could unless there's a plugin mechanism just for that purpose.