iOS Password API show other websites as 'Saved Passwords' when entering Master Pass in 1PW iOS App
Hi Team,
1Password application is showing incorrect websites that do not correlate to the website being signed into. In this case it's the Master login for 1Password Application. This has not replicated in any other website for whatever reason.
Replication:
1. Install 1Password.app to iOS device, sign in and have it enabled iOS's Password API System integration
2. Navigate to my.1password.com OR open the 1Password application (whilst not signed in)
3. Have iOS suggest a website to use to sign into the 1Password app
4. Weird sites that do not share 'my.1password.com' as their website appear as results that can be used to sign into 1password when that's clearly not the case
Troubleshooting:
- Attempted to update website URLs for affected in my 1Password catalog
- Added 'www' to 'wrong' links / websites
Images / Screenshots Attached.
Keywords:
iOS, API, Password, Choose a saved password to use, Wrong Site, Wrong login,
Device: iPhone X
iOS Version: 12.1.4
iOS Version: 7.2.7
Application Affected: 1Password
Login Affected: 1Password (Master Password)
Other: Inbuilt Password API function
Error: N/A
1Password Version: 7.2.7
Extension Version: Not Provided
OS Version: iOS 12.1.4
Sync Type: iCloud
Comments
-
It might be that the "wrong" logins do not come from 1Password but are from your iCloud Keychain. Maybe check the saved passwords in the iOS System settings for those entries. You can also deactivate the iCloud Keychain integration if you have your passwords saved in 1Password only.
0 -
Indeed. We've explicitly prevented 1Password from showing any login credentials on the 1Password lock screen. It will give you "No logins found". But we cannot prevent others from doing so. It is probably best to disable iCloud Keychain (or other providers) to avoid this kind of confusion.
0 -
Hi Team,
That makes so much sense! I've had since disabled 'Autofill Password' for 'iCloud Keychain'
Resolution: For anyone interested
1. Navigate to Settings > Passwords and Accounts > Autofill Passwords
2. Untick 'iCloud Keychain', leave 1Password Checked
3. Attempt to replicate issue
Sidenote: I wonder why iCloud Keychain is trying to enter the information there? Maybe cause it has the hostname in the iCloud Keychain entry? Anyway I guess that's for another time.
Thank you @peacekeeper and @brenty for your time and keep up the good work :)
Issue resolved
Regards,
Timothy
0 -
Hi Team,
Last follow-up, went to the root cause:
Root Cause: iCloud saved User/Pass data entries for websites entered into 1Password when I had iCloud's Key generating passwords for websites.
1. Navigate to Settings > Passwords and Accounts > Websites & App Passwords
2. Navigate to '#'
3. Locate any entries under '1Password' with a non '1Password' website. E.g vivino in my image.
4. Delete those entries and also disable iCloud Keychain autofill if you have not already
Have a good day people!
0 -
Thanks for the update @mrtimothy. For anyone else reading, we do mention this in our guide about turning on Password AutoFill:
Use 1Password to fill and save on your iPhone and iPad
Perhaps we should consider beefing up this language to more strongly encourage this, though.
Ben
0 -
@Ben, it would be nice if you could make it so that 1Password just inherently took over the default password management settings similar to how 1Password X changes the settings in Google Chrome. Unfortunately, with iOS, making these kinds of OS level changes are not always (or never) allowed by Apple to 3rd party developers. Your suggestion of "beefing up this language" might be the best option until something changes at the OS level. Maybe instead of having it listed as a TIP though, it could be a recommended or required step "to avoid conflicting password information"?
0 -
Indeed; as you mention we don't have the ability to do that on iOS. I'll talk to our documentation folks and see what they think about making this more prominent.
Ben
0
