TreasuryDirect password cannot autofill

TreasuryDirect is a US government service that lets users purchase US bonds from the Treasury directly (hence the name). It's... old school, shall we say. This is the login page, but unfortunately you cannot get to the password page without entering a valid account number. I've attached a screenshot of the password entry page.

The intention, presumably to stymie keyloggers, is that the user clicks the keys on the virtual keyboard to enter their password. Obviously, this is slow and rather error-prone, especially with a long, complex password generated by 1Password. (Side note: the password is not case sensitive, which is a little scary.) Unfortunately, 1Password in the browser cannot autofill the password. I experimented a bit with tweaking the page's HTML, and the issue seems to be that the input has the attribute readonly="readonly". When I delete that attribute, 1Password can fill the field correctly.

Are there any existing solutions to allow 1Password to fill this password? Right now, I hack at the HTML manually each time I log in, though I might investigate getting a browser extension that can do this for me. Interestingly, there are a couple previous threads about this, but they're ancient.
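
The manual workaround described in the post above, written as a userscript-style snippet (an added example, not code from this thread or from 1Password). The host allow-list and the `input[type="password"][readonly]` selector are assumptions, since the thread gives nothing about the field's markup beyond the `readonly` attribute.

```javascript
// Added example. Strips `readonly` from password inputs so a password manager
// can fill them, but only on an explicit allow-list of hosts: removing
// `readonly` everywhere would also unlock fields other sites lock on purpose.
// Host names and selector are assumptions, not taken from the site's markup.
const ALLOWED_HOSTS = new Set(["treasurydirect.gov", "www.treasurydirect.gov"]);
const SELECTOR = 'input[type="password"][readonly]';

// Returns the elements that were unlocked (empty array on any other host).
function unlockPasswordFields(root, hostname) {
  if (!ALLOWED_HOSTS.has(hostname)) return [];
  const unlocked = [];
  for (const el of root.querySelectorAll(SELECTOR)) {
    el.removeAttribute("readonly");
    unlocked.push(el);
  }
  return unlocked;
}

// Keeps the fields unlocked if the page re-adds the attribute or injects the
// field later. Our own removal fires the observer once more, finds nothing
// left to change, and stops, so there is no feedback loop.
function keepUnlocked(root, hostname, ObserverCtor) {
  unlockPasswordFields(root, hostname);
  const observer = new ObserverCtor(() => unlockPasswordFields(root, hostname));
  observer.observe(root, {
    subtree: true,
    childList: true,
    attributes: true,
    attributeFilter: ["readonly"],
  });
  return observer;
}

// Only runs in a browser; in any other environment the functions are inert.
if (typeof document !== "undefined" && typeof MutationObserver !== "undefined") {
  keepUnlocked(document, location.hostname, MutationObserver);
}
```
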

Comments

  • MrC
    Volunteer Moderator

    I can safely say that the last time I was on that site, was the last time I was on that site. It is dreadfully bad.

    I found no workaround for the pop-up keyboard. In the end, I just threw away my login entry, and my wife and I had a nice laugh.

  • ravron
    Community Member

    Yeah, it's definitely not going to win any design awards. But as far as I know it's the only way to buy certain savings bonds, so I'm stuck with it.

  • kevin.li
    edited April 2022

    Hi @ravron,

    It is indeed an issue we are aware of. I appreciate you sharing the workaround of deleting the readonly="readonly" attribute. I will share it with our development team to investigate further. Thank you so much.

    ref: dev/core/core#12067
    ref: dev/core/core#191

  • bh444
    Community Member

    I think that 1Password had a workaround for this before on the Mac 7.x version. It recently stopped working. I also had some JavaScript in a bookmark to change the readonly attribute, but that stopped working recently as well. There is some JavaScript that currently works to remove the attribute that can be found on the internet that you can put into a bookmark, but I am waiting for a 1Password solution to make this work again that I personally don't have to maintain for my 1Password family!

  • paul.m_1p
    1Password Alumni

    Hey @bh444 - Thanks for sharing those sweet little hacks to make life a bit easier on this lovely site. I'm hopeful our team will be able to assess a possible solution for a future update to 1Password. Thanks for your support! 🙂

  • bh444
    Community Member

    Hey @Paul.m_1p - I put in an email support QGX-25992-922 to see if I could get this functionality restored. Could you get it passed on to the level of support where JavaScript is understood? It can be closed, but I'd like to get this on the 1Password roadmap if possible.

  • Thanks @bh444. I've found your support request, we'll continue to work with you there! 😊

    ref: QGX-25992-922

  • bh444
    Community Member

    @ag_chantelle @paul.m_1p

    I am not really thrilled that 1Password forces bug reporters to send in a JSON file gathered from the non-working login page. This JSON file contains personal information including my username, and my (worthless) personal image caption. I edited the file before sending it in to remove my personal information. You had enough data to fix this bug, and have in fact fixed it at least once in 2016, seemingly without collecting a username. See https://1password.community/discussion/comment/332958

    You should be able to fix a bug or add a feature without collecting personal user information that should remain private. A less sophisticated user would have sent you their username in this file. If a well-intentioned developer used my username in their bug fixing activity, my account could easily be locked or disabled when unsuccessful login activity was detected from potentially anywhere in the world as a result of testing a bug fix.

    I don't think I'll be using your email reporting system again.

  • Hi @bh444! Thanks for raising your concerns here, and I'm sorry that this information was initially included. Collecting the page details tells us what the extension sees when deciding what can be filled, so it helps us find what the problem is. This allows us to work with more information to create a fix for a website.

    We don't use your username when troubleshooting, and redacting this information was the right thing to do here. I'll share your feedback on this with the rest of the team to see if we can improve things in the future.

  • burnwa
    Community Member

    I'm looking forward to a solution. Has any progress been made or is there some estimate of when there will be support for that site?

  • EnerJi
    Community Member

    I second this. Using Chrome Dev tools to edit out the readonly entry is a stroke of genius that I never would have figured out, so thank you @ravron, but it would be nice for 1PW to fix this.

  • samson
    Community Member

    Hey, this is still a problem (March 2023).
    Having to go in and inspect elements to remove the readonly attribute is not user friendly at all. Can we get some movement on this? There's this article from 14 months ago on how to work around it, but it would be just so awesome if, now that 1Password is a browser extension, it could handle that itself so I don't have to worry that my mom is reusing the only password she knows for the TreasuryDirect website (it was enough work getting her moved over to 1Password in the first place!). That would be such a relief!

  • Hello everyone,

    We've made some improvements here with 1Password in the browser version 2.7.0 and higher:

    Logins now fill from the pop-up and new passwords are properly suggested on treasurydirect.gov.

    When you're on the treasurydirect.gov login page, click on the 1Password icon in your browser's toolbar and then click Autofill. 1Password will fill your password into the website.

    -Dave

    ref: dev/core/core#191

  • huffalumpy
    Community Member

    Nope.
    Just tried it with 2.10.0 and FF 112.0.1.

  • Hey @huffalumpy,

    I have reopened the issue and flagged this with our development team to look into again. I'm sorry for the trouble!

  • ravron
    Community Member

    Probably no need to spend much effort on this. The TreasuryDirect login page now says:

    The Virtual Keyboard will be removed the week of May 7th to improve the customer experience.

  • 1bvr
    Community Member

    A little off-topic for the 1P Community, but I have to say I'm absolutely elated to hear that TreasuryDirect is removing that awful security-theater keyboard.

  • MrC
    Volunteer Moderator

    Maybe they read my comment:

    I found no workaround for the pop-up keyboard. In the end, I just threw away my login entry, and my wife and I had a nice laugh.

    :-)

  • Thanks for sharing @ravron! I've made a note of this in the issue report.

This discussion has been closed.