BETA: My password got overwritten by a string of asterisks on Bank of America.

benmattison
Community Member
edited October 2020 in 1Password in the Browser

I am running the newest beta (which has some very cool interface updates). I filled my password and logged into Bank of America as usual. Even though it wasn't a new password, 1Password asked if I wanted to update. Without thinking, I clicked on "update existing." It turned out that it had captured the line of asterisks that the site displays in place of the password. This issue seems to be specific to Bank of America (which I saw was mentioned in the beta release notes).

This would have been a two-second fix except that I also couldn't find a password history in the 1Password app and freaked out a bit. Eventually I found another thread about where it had moved.


1Password Version: 7.7-BETA-10
Extension Version: 7.6
OS Version: MacOS 10.15.6
Sync Type: 1Password

Comments

  • ag_yaron
    1Password Alumni

    Hey @benmattison,

    Bank of America turns all the characters of the password into asterisks as soon as you send the form (by clicking the sign in button or by hitting Enter to send the form), which is then being picked up by 1Password. Since 1Password identifies a new input in the password field, it triggers the save/update prompt, as it should and as expected.

    This is quite the edge case, not sure if there's anything we can do for this specific website. We'll look into it though.
    I'm glad to hear you managed to find your original password afterwards. If you encounter any other issues, feel free to bring it up and we'll gladly try to help.

  • benmattison
    Community Member

    Thanks @ag_yaron. That makes sense except that I don't get this behavior in 7.6, which I am still running on another computer—just in the beta.

  • ag_yaron
    1Password Alumni

    Thanks for the pointer @benmattison.
    I'll have the team look into it!

  • ag_yaron
    1Password Alumni

    Hey @benmattison,

    After looking into this, it looks like the beta version contains some major changes to how 1Password collects data from a page, which is why it is being triggered in Safari (and only in Safari) to save a new login in Bank of America's website.

    While the developers will see if there's anything we can do to prevent that, for now I can offer a possible workaround:

    1. Open the 1Password 7 desktop app.
    2. Click the "1Password" menu on the top left next to the Apple logo and select "Preferences".
    3. In the preferences window that pops up, select the "Browsers" tab and add "https://bankofamerica.com" to the exclusion list.

    That way, 1Password won't trigger the save prompt again, but you'll still be able to save via the inline menu that shows up inside the username/password field, should you ever need to change or update your login entry. :)

  • benmattison
    Community Member

    Thanks @ag_yaron. Very helpful.

  • ag_yaron
    1Password Alumni

    Glad I could help :chuffed:

  • gmpalter
    Community Member

    I am running the release version of 7.7 and this behavior still occurs.

    I tried the workaround noted above but it didn't work.

    I also tried selecting "Never autosave for this site" when 1Password offers to save the password and that also did not work. (Selecting that option adds "secure.bankofamerica.com" to the list of excluded domains.)

  • benmattison
    Community Member

    @gmpalter What do you mean when you say it didn't work? Is the save/update password dialog still coming when you autofill your password on the Bank of America site? I used the little gear icon and selected "never autosave for this site" and it no longer pops up for me. Of course, if I should need to change the password, I'll need to do it manually in 1Password.

  • gmpalter
    Community Member
    edited November 2020

    Yes, the save password dialogue still appears even after selecting “never autosave for this site”. Further, when it appears again and I click on the gear, “never autosave…” shows as already selected.

  • Hello @gmpalter,

    Bank of America's site is quite interesting, and we are looking into it. If adding the link to the exclusion list doesn't work, please try these steps to prevent 1Password from asking to update your websites.

    Open the 1Password app => Select 1Password 7 in the menu bar => Preferences => Browsers => Autosave => Turn off the "Detect new users and passwords and offer to save them" option.

    After that, you can follow the steps here to save a new login when you are on a new website, or you can select the "Save in 1Password" button on the 1Password inline menu after you enter the password field.

  • gmpalter
    Community Member

    Ok, this is strange.

    I just tried the first workaround you posted above (i.e., adding "bankofamerica.com" to the exceptions list) and this time it worked to prevent 1Password from asking to auto-save.

    I agree that Bank of America's website is strange. Another example -- If I wait a few seconds after 1Password autofills the login credentials in response to "Open and Fill", the website erases the password and I have to ask 1Password to refill it.

  • kaitlyn
    1Password Alumni

    @gmpalter – I've seen that happen as well. It seems like the page actually changes a bit once it fully loads.

    I'm glad to hear Nhat's instructions did the trick. That said, disabling "Detect new users and passwords and offer to save them" causes 1Password not to offer to save Logins on any website. Nhat mentioned how to save a Login manually, but I wanted to make sure that was clear.

    ref: dev/core/core#3005

This discussion has been closed.
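
An added example, not part of the original thread and not 1Password's code: a hypothetical save-prompt filter for the two page behaviours described above (the password field rewritten to asterisks on submit, and the field cleared by the page after autofill). The names `classifySubmit` and `isMaskOnly`, the mask-character list, and the idea of tracking the last user-entered value are all assumptions made for illustration.

```javascript
// Hypothetical save-prompt filter (added example, not 1Password's code).
// Characters a site might use to mask a submitted password (assumed list).
const MASK_CHARS = new Set(["*", "•", "●"]);

// True when the value is a single mask character repeated, e.g. "********".
function isMaskOnly(value) {
  const chars = [...value];
  return chars.length > 0 && MASK_CHARS.has(chars[0]) &&
    chars.every((c) => c === chars[0]);
}

// saved:         password stored in the vault for this site
// lastUserValue: last value set by autofill or by user keystrokes
// atSubmit:      value read from the field when the form is submitted
function classifySubmit({ saved, lastUserValue, atSubmit }) {
  // The page's own script changed the field if the two values differ.
  const rewritten = atSubmit !== lastUserValue;
  let candidate = atSubmit;
  let reason = "as-submitted";
  if (rewritten && isMaskOnly(atSubmit)) {
    candidate = lastUserValue; // ignore the mask, keep what was really entered
    reason = "page-masked";
  } else if (rewritten && atSubmit === "") {
    candidate = lastUserValue; // page erased the field before submit
    reason = "page-cleared";
  }
  // Never offer to overwrite a stored password with an unchanged or empty value.
  const action =
    candidate === saved || candidate === "" ? "skip" : "offer-update";
  return { action, candidate, reason };
}

// Constructed sample events, not captured from any real site.
const SAVED = "Tr0ub4dor&3";
const samples = [
  { saved: SAVED, lastUserValue: SAVED, atSubmit: "***********" },
  { saved: SAVED, lastUserValue: "N3w-Passphrase!", atSubmit: "***************" },
  { saved: SAVED, lastUserValue: SAVED, atSubmit: "" },
  { saved: SAVED, lastUserValue: "******", atSubmit: "******" },
];
for (const s of samples) {
  const { action, reason } = classifySubmit(s);
  console.log(`${action} (${reason})`);
}
```

The last sample shows why the filter compares against the last user-entered value instead of rejecting every all-asterisk string: a user who really typed asterisks still gets the update prompt.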