Unable to auto-fill the BCR Bank login page

The BCR bank changed their login form and now 1Password is unable to auto-fill the details, not sure what might have changed.

I'm using Firefox 84.0.1 in Linux with the 1Password X plugin 1.22.3

The login page is found at https://www.personas.bancobcr.com/plantilla/index.asp


1Password Version: Not Provided
Extension Version: 1.22.3
OS Version: Arch Linux 5.9.16
Sync Type: 1Password
Referrer: forum-search:bank

Comments

  • ag_yaronag_yaron

    Team Member

    Hey @codebeta ,
    Thanks for reporting this.

    Looks like some wacky form design they made there. I've asked one of our developers to take a look and see if there's anything we can do to make things better on that website.
    In the meantime, you can grab the username/password from the 1Password X extension's window with your mouse and drag it over to the fields on the website, which will allow you to fill them quickly and easily as a workaround.

  • Thanks for taking a look into that site. I’m not surprised that it has a wacky design, local banks here seem to really love doing that, which is so weird.
    Will check that workaround, have been doing the copy-paste steps, but like the drag-and-drop method you suggested.

  • ag_yaronag_yaron

    Team Member

    Banks are known to go for weird login forms. So much that we actually went ahead and wrote a letter that our users can send to their banks: https://blog.1password.com/an-open-letter-to-banks/

    Feel free to use it :)

  • ag_yaronag_yaron

    Team Member
    edited January 4

    Hey @codebeta ,
    So it looks like 1Password is actually autofilling correctly, but then there's some javascript running there that clears the fields when they are being autofilled.

    Looks like it is indeed intentional behavior of the bank's website. We'll look into it and see if there's anything we can do on our side of things. Thanks for bringing this up!

    ref: dev/core/core#4166

  • Oh ok...also seeing that doing the drag and drop might not work either, appears that the JS script is doing a bit more than just clearing the autofilled credentials.

    I'll write to the bank, see if they change their 11 character password limit and only alphanumeric while they're at it.

    Appreciate the time the team has looked into this.

  • ag_yaronag_yaron

    Team Member

    I agree @codebeta ,
    You should definitely try to knock some sense into them. Forcing users to type in their passwords is quite a security risk.

    And yeah, 11 characters long password with restrictions is also a bad idea :chuffed:

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file