Feature request: Make it possible to say "don't ask me again about this form"
Maybe there is a way, but I didn't find it.
The scheme may be of interest, it is a minor irritation, but not more. I frequently log into a web site that has you enter a pin as follows
So if my PIN is 1234 I would type in TGDU this time. But if I log in again the 10 letters will be different. So when it says "save in one password?" or "suggest a password?" the answer is no, it wouldn't help. But it always asks.
1Password Version: 1passwordx
Extension Version: 1.19.2
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:don't ask
Comments
-
Hey @aaron_meyerowitz ,
We currently have a temporary "Hide on this page" button in 1Password, which you can get to by clicking the "Suggestions" at the bottom of the 1Password popup (where it suggest a password or to save in 1Password), then scroll to the bottom and select "Hide on this page".
This will hide 1Password on that particular page until the next time you restart your browser.We also have plans to implement a more permanent solution that will remember your request to hide 1Password constantly, so do keep your apps up to date and stay tuned :chuffed:
On a different note, this login method the website implements here adds zero security to your login process and is quite horrific, design wise. I strongly suggest you send that website our open letter to the banks (with minor changes in case it is not a banking website): https://blog.1password.com/an-open-letter-to-banks/
0 -
OK, that does it. Thanks!
I was curious if it is really such a bad idea . It seemed clever to me. It is kind of the last step. One must have a strong password and one is required to have two factor authentication (by text message or authenticator app). It is "Open ID Connect", whatever that is.
Once in, you aren't kicked out that readily (which is good) but after a short period of inactivity or for whatever reasons, you must enter or re-enter the PIN. If an adversary can capture the screen image and the key strokes, that would compromise the PIN. But someone intercepting the key strokes in transit or the browser history gets no information (except if the PIN has repeated digits.) One mis-enter sends you back with a completely new permutation. So is really so horrific?
0 -
Hey @aaron_meyerowitz ,
I'm glad I was able to somewhat help :)As for the process itself, it is quite horrific, at least on the UI/UX side of things, as I'm not 100% sure I comprehend the security process there. Users should not have to deal with such crazy login/pin screens that map numbers to characters or don't allow keyboard input etc. What added security does it provide? If a computer is compromised, nothing will help (not even 1Password). If a computer is not compromised, then why not allow the users to use a proper 2FA/TOTP and autofill it if they can and improve their user experience and workflow?
I don't see an upside here to that login form, but that may be just my opinion ;)
0 -
@ag_yaron Thank you for pointing out the Hide on this page option, I would've never thought to look there for this setting. I am sad that it's only available per browser session though. Is there any update for the implementation timeline to have a more permanent solution?
I would also appreciate the ability to hide the extension from entire domains rather than just specific pages.
0 -
This is definitely on the roadmap @mgrossi77 :+1:
0