EON Energy auto-fill broken

nickwaters

I've noticed that the login page for E.On (a large German / British energy firm) is broken.

You can get to the page here.

https://www.eonenergy.com/login

• Type in anything "test@gmail.com" or "test123" (it doesn't matter what) and then click "Continue".
• On the next page type in several characters and the "Log in" button turns red (ready to be clicked).

But, if you use 1Password's auto-fill (the browser extension) it fills in the data but doesn't change the "Continue" or "Log In" buttons from grey to red.

Basically if you add an extra character at the end of the username (and press backspace to remove it) then it works. The same trick is required for the password.

Obviously this is some weird anti-fill behaviour, much like an anti-copy and paste feature.

Is there any way that 1Password could fix this in the background (or implement the fix I described above)?

Thank you

Edited to add: I'm using the 4.7.5 extension in Google Chrome; not 1Password X.

ag_ana

Hi @nickwaters!

There might be something strange going on with that website at the moment. This is what I get when I try to access the URL you shared:

nickwaters

Thanks for trying @ag_ana

I don't know if they're using geo-fencing restrictions but the site's working for me.

There is a sign (as of today) indicating the site is undergoing maintenace.

Maybe if I bump this thread on Monday you'd be so kind as to take another look. :)

ag_ana

Sounds good @nickwaters :+1: :)

nickwaters

Hi @ag_ana the site's loading for me (but not auto-filling passwords).

Could you take a look when you get a moment?

Than you

ag_ana

@nickwaters:

I have tried visiting the website again, but I still get a 403 - Forbidden :(

nickwaters

I've just tried it myself (using various countries via a VPN) and it's working.

I also tried a proxy site (Kproxy.com) and pasting the URL into there and it's working through that.

I'm not sure why it's not letting you visit. :|

https://server6.kproxy.com/servlet/redirect.srv/sruj/shqcqascev/spqr/p2/login

gadget78

the problem with the eon site, is that altho it will paste/fill in the field ok...
the fact it wasn't "typed" the site doesn't see you have filled it, and thus wont let you press button ...
if you type in any character on end of what 1pass filled for you, then delete that character (so the login/pass is correct again),
it sees something has been typed, the button then lights up from being grayed out ... and you can continue ...

hope that makes sense ?

ag_tommy

@gadbet78

Thanks for the assist.

nickwaters

Hi @gadget78

if you type in any character on end of what 1pass filled for you, then delete that character (so the login/pass is correct again),

Thanks for the suggestion - this is what I was stating in the original post... with a view to seeing if 1Password can automate that process. ;)

Basically if you add an extra character at the end of the username (and press backspace to remove it) then it works. The same trick is required for the password.

It seems Ana's having some difficulties getting onto the site.

Perhaps if somebody from AgileBits in the UK (or a different country) could take a look?

ag_yaron

I've also tried entering the website but am not getting through.
Regardless, I know of the behavior you speak of.

The website does not intentionally try to prevent autofilling. It is more of a design flaw than anything else. 1Password does not copy-paste or types anything into fields, it injects the input into the fields directly, so the JS of that design doesn't recognize that anything has been typed into it. I have encountered it before and the best suggestion I have is to send an email to the website's support, explaining why their login form's design negatively impacts the security of their users.

We intentionally prefer to inject the data into the fields than to copy-paste or virtually type the information in order to prevent potential security risks such as keyloggers or other malicious programs that can record your keystrokes and/or your clipboard.
There are no plans to address this specific issue as it is not that common, but I would give 1Password X a try if you can, it might work properly there since I do know it changes something in the field that often works where the good old companion extension doesn't.