Usability Digest Dec. 2023: Improved autofill reliability, lock state, and item title generation

Hey folks! As 2023 is coming to an end, we hope all your holiday preparations are coming together well. I’m happy to say we have a few end of year gifts to unveil to start 2024 off strong!

We’ve always been committed to making 1Password a more intuitive and easy product for you. Throughout this past year we have raised the bar for our user experiences across the browser, desktop and mobile apps, and we will continue to do so moving into next year.

When it comes to the 1Password Browser Extension, we’ve been making hundreds of improvements in the last couple of months to make your day-to-day lives with 1Password better. All of these updates are now live, and we can’t wait for you to try them! Check out our release notes here for a full list of everything that’s been improved. Otherwise, here are five of our favorite improvements we’ve made, brought to you by the developers who created them.

Feel free to give us your feedback or suggestions on what you’d like to see next in the comments below. Cheers to the end of 2023, and we look forward to building a better product with you in 2024!

Better Performance with Pending Chrome Update - Rudy Richter, Staff Developer

Sometimes, the connection between the 1Password Browser Extension and desktop app stops, and you’ll be required to unlock both separately until you perform a pending Chrome update. This can become quite annoying, especially during the work day, when updating Chrome isn’t at the top of your to-do list.

This occurs because on macOS, there are two code signatures at work for any given application: an on-disk one and an in-memory one. When Chrome issues an update, it does an in-place update — it replaces its on-disk files directly while still running and relies on you relaunching the application to “update” the application. Until you restart Chrome, the on-disk and in-memory code signatures no longer match. In choosing a path forward for our signature check, we needed to weigh the risk of relying on the on-disk signature as a means of determining if we should trust Chrome when it's in this “updated but not yet restarted” state.

Now, when Chrome is in a state where an update is pending, we will initially perform a dynamic check. When that fails, we will then do a static code signature check to confirm that Chrome at least meets its designated requirements and that its code signature is intact before trusting it. This change will result in unlocking the extension and the desktop separately much less often.

Improved Item Title Generation - Michael Carlyle, Junior Developer

For some time, 1Password has had existing logic to determine the best title for an item when saving a new login from a website, but it hasn’t been without its limitations. The web is vast, and there’s no forced standard that we can expect all web developers to adhere to 100% of the time. Previously, we looked at a combination of things when saving an item title via our browser extension, like the page title itself, domain, or capitalization of the page title. But this isn’t perfect.

Now the 1Password browser extension has default item titles for the top 900+ sites online – no guesswork required. It turns out that the ability to craft titles given a list of domains is something AI is well suited for. We gave a large language model a prompt with our requirements, and it returned a nice JSON file that we could then work with directly in our Rust code that generates item titles.

This brings you the benefits of better titles for the most popular websites like American Airlines (previously titled AA), improved international title support, and better differentiation for logins with different subdomains like Google.

Offline Browser Extension Improvements - Chris Burgin, Senior Developer

If you've ever experienced the frustration of an unreliable internet connection, you'll appreciate the offline improvements we've made to the 1Password Browser Extension. In the past, recognizing offline and online states posed a challenge, impacting the ability to save passwords after your connection was re-established. We now check network status more regularly, ensuring we have the most up-to-date information. In addition, we gracefully recover when you come back online. No longer will you be told that your password cannot be saved while offline when you are, in fact, online.

Improved Autofilling for Sites with Shadow DOM Elements - Darrell Roberts, Senior Developer

We are pleased to announce that the 1Password Browser Extension will now recognize and autofill more efficiently on a larger number of sites that leverage Shadow DOMs. This will make sites like Reddit, CVS, Royal Caribbean and more perform like butter. But what was the issue previously?

Web components are a set of technologies for creating reusable custom DOM elements when building a website. One of those technologies is the Shadow DOM. As the name suggests, elements inside the Shadow DOM are private and rendered separately from the main document DOM.

On websites that define forms, input fields or any other autofillable element inside a Shadow DOM, those elements would not be accessible to the 1Password extension. This would result in the 1Password autofill menu not showing up when a user interacted with an input field. As a result, we would not be able to offer autofill suggestions and consequently were incapable of filling a user's desired 1Password item. To be able to work with sites that use Shadow DOMs, we had to augment and, in some areas, alter the way we would analyze the site to be able to include all Shadow DOMs that could be defined on the website. As of today, you should have a much easier time autofilling these types of pages.
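To make the visibility gap concrete, here is an added example (not 1Password's implementation) contrasting a light-DOM-only walk with one that also descends into open shadow roots. The function names and the mock page are constructed for illustration; the walkers rely only on `children`, `tagName` and `shadowRoot`, which real DOM nodes also expose.

```javascript
// Added example (not 1Password's code). Works on real DOM nodes in a browser;
// the constructed mock tree below lets it run in Node without a DOM.
const FILLABLE = new Set(["INPUT", "SELECT", "TEXTAREA"]);

// Light-DOM-only walk: what an analysis that ignores shadow roots can see.
function collectLightDomOnly(root, found = []) {
  for (const el of Array.from(root.children || [])) {
    if (FILLABLE.has(el.tagName)) found.push(el.name || "");
    collectLightDomOnly(el, found);
  }
  return found;
}

// Shadow-aware walk: also descends into every open shadow root and records
// the chain of shadow hosts that had to be crossed to reach each field.
function collectFillableFields(root, hostPath = [], found = []) {
  for (const el of Array.from(root.children || [])) {
    if (FILLABLE.has(el.tagName)) {
      found.push({ name: el.name || "", type: el.type || "", hostPath: hostPath.join(" > ") });
    }
    collectFillableFields(el, hostPath, found); // light-DOM children
    // element.shadowRoot is null for closed roots, so those stay invisible here.
    if (el.shadowRoot) {
      collectFillableFields(el.shadowRoot, [...hostPath, el.tagName.toLowerCase()], found);
    }
  }
  return found;
}

// Constructed sample page: a search box in the light DOM and a login widget
// whose username and password fields live in nested shadow roots.
const node = (tagName, props = {}, children = []) =>
  ({ tagName, children, shadowRoot: null, ...props });
const samplePage = {
  children: [
    node("FORM", {}, [node("INPUT", { name: "search", type: "text" })]),
    node("LOGIN-WIDGET", { shadowRoot: { children: [
      node("INPUT", { name: "username", type: "text" }),
      node("PASSWORD-BOX", { shadowRoot: { children: [
        node("INPUT", { name: "password", type: "password" }),
      ] } }),
    ] } }),
  ],
};

console.log(collectLightDomOnly(samplePage));
console.log(collectFillableFields(samplePage));
```

The recorded host path is useful when reviewing what an autofill analysis will reach: the light-DOM walk never sees the login fields, while the shadow-aware walk reaches them only through their host elements.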

Improved Autofilling for Login Forms Using Focus Traps - Jeff Cleary, Staff Developer

There has been a long-standing issue with “focus traps” on website login forms. These are implemented as accessibility improvements to help contain browser focus during login actions, but would cause 1Password to close before autofill actions could occur.

Because of this, we explored several approaches to fix this issue. These fix ideas ran the gamut – from changing our autofill menu injection strategy to “listening to the listeners,” i.e. detecting when an unwelcome focus switch was about to happen and preventing it. A drawback that many of these ideas suffered from was adding additional complexity that could compete, and potentially interfere, with the logic and intent of the host website.

In the end, a simpler solution presented itself: by preventing the default focus event on the mousedown action on our inline menu, we were able to perform the click handling logic and complete the autofill before the completion of the click event that ultimately triggers a focus change. This small change was enough to fix the issue for the vast majority of reported cases on sites like Disney, TikTok, ESPN, Walmart, Domino’s and a whole lot more - enjoy!
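The ordering described above can be shown with a small model, added here as an example and not taken from 1Password's code. It uses Node's built-in `EventTarget` and `Event`; `buildPage`, `simulateClick` and the rule that losing focus dismisses the menu are assumptions standing in for the browser and the host site.

```javascript
// Added example: a simplified model of mousedown -> focus change -> click.
// All names here are hypothetical; only EventTarget/Event are real APIs.
function buildPage({ preventFocusSteal }) {
  const input = new EventTarget(); // the site's login field, currently focused
  const menu = new EventTarget();  // the injected inline autofill menu
  const state = { menuOpen: true, filled: false };

  // Assumed host-page behaviour: when the field loses focus (for example
  // because a focus trap reacts), the inline menu is dismissed.
  input.addEventListener("blur", () => { state.menuOpen = false; });

  // The menu performs the fill in its click handler.
  menu.addEventListener("click", () => { state.filled = true; });

  // The fix from the text: cancel mousedown's default action on the menu so
  // that pressing the mouse button does not move focus away from the field.
  if (preventFocusSteal) {
    menu.addEventListener("mousedown", (event) => event.preventDefault());
  }
  return { input, menu, state };
}

// Simplified browser behaviour for a primary-button click on the menu.
function simulateClick(page) {
  const mousedown = new Event("mousedown", { cancelable: true });
  // dispatchEvent returns false when a listener called preventDefault().
  const defaultAllowed = page.menu.dispatchEvent(mousedown);
  if (defaultAllowed) {
    page.input.dispatchEvent(new Event("blur")); // default action: focus moves
  }
  // The click is only delivered if the menu still exists at this point.
  if (page.state.menuOpen) {
    page.menu.dispatchEvent(new Event("click"));
  }
  return page.state;
}

console.log(simulateClick(buildPage({ preventFocusSteal: false })));
console.log(simulateClick(buildPage({ preventFocusSteal: true })));
```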