Please add check to NOT having 1Password dropdown blocking CAPTCHA image

yt28
yt28
Community Member
in 1Password in the Browser

It's just a little annoyance, but please consider adding check for captcha fields and not popping up 1Password dropdown menu. For example, in the above webpage, the source code contains several hints that password-filling won't help in this field. The dropdown menu blocks CAPTCHA field completely.

<li class="captcha-input-container" id="captcha-input-box-user_forgotpassword"> <label for="captcha_user_forgotpassword" class="required"><em>*</em>Please type the letters below</label> <div class="input-box captcha"> <input name="captcha[user_forgotpassword]" type="text" class="input-text required-entry" id="captcha_user_forgotpassword" /> </div> </li>

1Password Version: 7.7.810
Extension Version: 2.0.4
OS Version: Windows 10
Sync Type: Not Provided

Comments

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @yt28 ,

    That's a bit tricky as we can't exactly tell where the captcha field and image are located on the page (physically) and how far are they one from another.
    However, perhaps you'll find the following helpful:

    • You can click the little 1Password icon on the right corner of the field to close the inline menu.
    • You can press the ESC key on your keyboard to dismiss the inline menu.
    • You can click anywhere else on the page to remove the focus from the field to dismiss the inline menu.

    All of the above will allow you to see the captcha or any other field that 1Password is blocking.

  • yt28
    yt28
    Community Member
    edited July 2021

    Hi, I understand it's not possible to know the position of the captcha box, but what I was suggesting was that in the source code above, it is quite obvious from the HTML (input name="captcha...) that the text box is used for Captcha. So unless 1Password can read the Captcha for me (which would be fantastic!) it could safely ignore the text box (i.e. don't pop up anything) in virtually all cases.

  • ag_yaron
    ag_yaron
    1Password Alumni

    Thanks for clarifying @yt28 .
    I seem to have misunderstood you. I thought the 1Password inline menu was blocking your view, in which case it is easily dismissible, but you meant that 1Password actually should not show suggestions for the captcha field itself - and you are correct.

    Is there a way for us to reach that page so we can run some tests here? If not, would you be able to reach that page again and grab the page's structure for us? Here's how:
    1. Get to the page with the captcha field.
    2. Right click the 1Password extension icon on the top right corner of your browser and select "Help" -> "Collect Page Structure".
    3. Send us the file to support+x@1password.com with a short description and a link to this discussion here.

    Keep us posted.

  • yt28
    yt28
    Community Member

    I couldn't find the original website (was changing password for hundreds of sites yesterday and encountered this problem quite a few times.) Here I found a few more:
    https://www.u-mall.com.tw/Login?url=/orderhistory
    https://login.global-business.com.tw/Login.aspx
    https://www.office24.com.tw/login?k=webLogin&m=login

    It would be a nice-to-have. So similar to how you would look for "username" and "password" fields on a web page, here you would look for "captcha" or something similar and avoid popping up menu for those. Because 90% of the time it blocks the captcha itself (it's fine to press ESC key, but it actually gets a little irritating after awhile.)

  • ag_yaron
    ag_yaron
    1Password Alumni
    edited July 2021

    Thanks for the links @yt28 .

    In all of them there's no "captcha" keyword in the HTML code of the fields. They all address that field as "verify_code" or something similar, which is a keyword we already use for 2FA/TOTP fields. If we disable that keyword 1Password won't be able to autofill 2FA/TOTPs.

    The first website you mentioned here does have the word "captcha" in its description which is what I'm looking for, but if most of the websites you use look like the three links you just provided, then I'm afraid that won't do much good even if we blacklist the word "captcha".

  • yt28
    yt28
    Community Member

    You're absolutely right.. I just checked and they use "ctl00_MainContent_txtCheckCode" and "login__verify_code" or something similar. It's terrible, so many websites out there still insist on having these ineffective Turing tests...

    Still, what if we consider...
    1. looking for the label or text prompt instead of the HTML field name itself? The common keyword is "驗證碼" or "認證碼" on traditional Chinese websites and these two words won't be confused with 2FA/TOTP.
    2. or just not popping up the drop-down menu if that field isn't one of the saved fields with data in 1Password vault?
    3. or having a language/region-specific rule of keywords. I find that websites in one country usually adheres to similar design practices. (For example it's easy to tell a British site from an American one just by looking at colors and layout. Chinese sites in Hong Kong, Taiwan and China also have distinctive patterns.)

  • ag_yaron
    ag_yaron
    1Password Alumni

    Thanks for the suggestions @yt28 .
    We'll look into it and see what we can do.

  • yt28
    yt28
    Community Member

    Thank you. I have collected page structure via 1Password extension for many popular websites, zipped the JSON files and sent to support+x@1password.com for your investigation. These are big e-commerce sites, financial institutions, government agencies, couriers etc in Taiwan. Hope it would help. Thanks.

  • ag_tommy
    ag_tommy

    :+1:

This discussion has been closed.