macOS includes a feature called Secure Keyboard Entry which prevents other apps from capturing keystrokes from the originating app—and the blocked keystrokes include Command-Tab (but not other modifier key + Tab combos). Once it's active, if you've assigned Command-Tab to activate Witch (from any application), you'll find that you instead get the default Mac app switcher. There is nothing Witch can do to bypass this protection—it is a secure input mode, after all.

This mode is most plainly obvious in Terminal, where you can toggle it off and on with the Terminal > Secure Keyboard Entry menu item. But Terminal is an exception—apps and web pages (typically those that have password input boxes) can enable Secure Keyboard Entry mode silently, leaving you wondering why you're seeing the system app switcher instead of the Witch switcher when you press Command-Tab.

So how do you fix this? Unfortunately, the OS itself won't tell you when Secure Keyboard Entry is active, nor which app or web page activated it. But Witch has a feature that may—or may not—help you out. To use it, do the following…

First, on the Actions tab in Witch's settings, you must check the "Show in menu bar" option for at least one of your switchers—the setting is located on the right side, under the keyboard shortcut assignment boxes.

Now find the Witch icon in your menu bar—it should be an icon representing the frontmost app—and click it to open the menu. Ideally, you'll see something like this:

If you see the above, you know exactly what you need to do to fix the problem: Disable Secure Keyboard Entry in the listed app. How exactly do you do that? It may be a menu item, as in Terminal. It could be a prefs setting. It could require closing the app's window. You may have to finish inputting your password on some web page (or click out of the password input box). In short, there are many ways to disable Secure Keyboard Entry, and you'll have to figure it out on a case by case basis.

Unfortunately, it may be even hard than this, because Witch may not show any message in its menu bar menu—or it may say something generic like "System." That's because the mechanism we use just relays what the OS tells us, and sometimes, it doesn't tell us much of anything.

In those cases, you'll have to go hunting for the cause—the most likely suspects are applications and web pages that have password input fields; if those fields are active, or sometimes if they're simply displayed on the app or web page's window, Secure Keyboard Entry may be active.

It's also theoretically possible that there are apps that have Secure Keyboard Entry active all the time with no user control over its activation. In those cases, you'll never be able to use Command-Tab to see the Witch switcher if that app is running. (We're not aware of any such apps, but they may exist.)

If you tire of the search for the offending app when using Command-Tab with Witch, the only permanent solution is to use different activation keys for Witch: The method we use to trap everything but Command-Tab works when Secure Keyboard Entry is active. (The reason we need two methods is that Command-Tab is a special combination reserved by the OS, so we have to capture it differently than we do the other activation keys.)