Any way to *TRULY* auto-fill entries without user intervention?
Hi guys,
LastPass calls it the same - autofill - yet the behavior is so inherently different than 1Password.
Here are the differences:
1Password: I see blank login fields. I have to hit CONTROL + \ to get it to login.
vs
LastPass: user and pass will automatically paste themselves inside of the fields and log you in.
To me, auto-fill means AUTO-fill. No user intervention. I have read the entire manual word for word (PDF) and played with every setting I could find and yet I still can't get 1Password to automatically fill my fields and log me in without user intervention.
Am I missing something? Is this intended? If so, why?
Comments
-
Hi @mia,
I agree with your definition of "auto-fill" and I think the confusion here is that 1Password doesn't actually have an auto-fill feature. It will only fill your data when you explicitly tell it to do so. We have a bit more information here: Automatic form filling
Because sensitive data is involved, we never assume the user just wants us to do something automatically, so we leave the control in the user's hands.
If our user guide refers to 1Password having an auto-fill feature, please let us know where you saw that, as that would definitely be a typo! :)
0 -
I agree with your definition of "auto-fill" and I think the confusion here is that 1Password doesn't actually have an auto-fill feature. It will only fill your data when you explicitly tell it to do so. We have a bit more information here: Automatic form filling
I guess that's why I was so confused. It should be called "click-to-fill" or something :)
Click the 1Password button in your browser’s toolbar, and choose the Login item for the login form you want 1Password to display, fill, and (optionally) submit.
That's a much clearer explanation that I wish I had read at the beginning.
Because sensitive data is involved, we never assume the user just wants us to do something automatically, so we leave the control in the user's hands.
Well, to be completely frank I wish I had the option of turning this on a site by site basis. This IMO is a huge glaring omission by intention and hope the developers will consider this a priority functionality.
Lastpass does this by default. Robo does this.I think you're right not to turn it on by default, but not having a checkbox in the credential detail box and a global setting would seem prudent and advantageous to the user.
I sincerely hope you will consider this for the near future! It's a ridiculously useful feature that some users will no doubt welcome
0 -
You're right. Upon review, the manual does NOT say auto-fill. My mistake, sorry.
I found the following:
auto-type
auto-save
auto-fill (opera reference)0 -
Click the 1Password button in your browser’s toolbar, and choose the Login item for the login form you want 1Password to display, fill, and (optionally) submit.
That's a much clearer explanation that I wish I had read at the beginning.
Here's what's under Using a saved Login in the Quick Start section of the 1Password 4 for Windows User's Guide:
The easiest way to use a saved Login item is through the “go and fill login” feature in the 1Password browser extensions:
- In your 1Password-enabled browser, click on the 1Password button on the browser’s toolbar.
- In the extension menu, choose Logins, and navigate the folders to find the Login for the site you want to visit.
- Click on the Login item for that site.
1Password directs the browser to the saved URL, enters the saved username and password, and (optionally) submits the form.
Here's what's in the Glossary, also found in the user's guide:
Auto-save
The optional feature by which 1Password automatically offers to create a new Login when you submit a form at a URL for which you do not yet have a Login stored.
Auto-submit
The optional feature by which 1Password automatically submits a web form after filling it with your stored credentials.
Auto-type
(Windows only) An alternative form-filling mechanism that may work on sites that don’t accept 1Password’s standard method and even in some programs that are not browser-based.
The only reference to "auto-fill" that I find in the user's guide is in the instructions for disabling your browsers' password management features (so they don't conflict with the richer features provided by 1Password). The subsection on Opera mentions it because that term shows up in the Opera settings.
0 -
Auto-submit The optional feature by which 1Password automatically submits a web form after filling it with your stored credentials.
I think this is what confused me. Auto-submit to me means auto-fill. It is 'automatically' submitting the information without user intervention. It's just symantics at this point though.
0 -
Submitting a form is what you do when you press the Enter key or click the link or image labeled "OK" or "Submit" or "Log in" or something similar. 1Password will automatically submit a form that it has just filled, unless you disable that feature (globally or for individual Login items).
Filling a form is what you do when you type your username, password, or other information in the various fields on the form. 1Password can automatically fill a form, but only if you tell it you want it to do that (for the reasons Drew stated above) by one of the methods mentioned in that article from the user's guide.
0 -
Yes, the & Fill part is what tells 1Password that you want it to fill the form, in which respect it's the same as pressing Ctrl+\ or clicking on the 1Password extension in the browser's toolbar.
All three cases conform to the statement from the Automatic form filling article cited by @Drew_AG:
1Password does not automatically detect that you have a Login saved for the page displayed in your browser and fill it for you. You have to take an action to get 1Password to fill the fields on a login form.
...and his excellent explanation:
Because sensitive data is involved, we never assume the user just wants us to do something automatically, so we leave the control in the user's hands.
0 -
so we leave the control in the user's hands.
I can understand the rationale, but if the application is matching the domain name to the password supplied and autofilling it accordingly; is that such a bad thing? This is how LastPass works. It automatically matches the domain and auto-fills the credentials with what is stored.
0 -
if the application is matching the domain name to the password supplied and supplying it accordingly; is that such a bad thing?
This is exactly what we do AFTER you yourself press Ctrl+\
0 -
@mia
Like svondutch said, the user can reduce the amount of necessary intervention by using the keyboard shortcut.Your idea is good, but if a user has more than one entry for a particular site (e.g. more than one Gmail account), how would it know which one to fill automatically?
All this would have to be set by the user, opening the possibility for more frustration through increased complexity.I agree that there might be room for improvement and we'll keep an eye on this.
Cheers :)
0 -
Your idea is good, but if a user has more than one entry for a particular site (e.g. more than one Gmail account), how would it know which one to fill automatically? All this would have to be set by the user, opening the possibility for more frustration through increased complexity.
How about this. Give user an option in the window saying "Autofil". I check a bunch of sites daily and I miss LastPass's autofill feature specifically because it required no intervention from me. At any rate, CTRL + \ is not bad, it's just slightly more cumberson on some sites. Perhaps it should be a feature that's enabled manually in each site?
0 -
Perhaps [Ctrl+\] should be a feature that's enabled manually in each site?
If you mean each site should be coded to detect Ctrl+\:
We'd never convince tens of thousands of developers to modify hundreds of thousands of login pages.
Even if we did, we wouldn't want to make it possible for any old web site (or someone spoofing that web site) to gain access to your 1Password data.
If you mean each Login item item would have an Auto-fill option, that might be something we could consider for a future version, but it still seems to contradict what we think of as safe Internet practices, as explained above.
Thanks for the feedback, though!
0 -
If you mean each Login item item would have an Auto-fill option, that might be something we could consider for a future version, but it still seems to contradict what we think of as safe Internet practices, as explained above.
Yes, that's what I meant. This would be a high priority feature in my opinion as all the other players have it.
With that said DBrown, I don't want to seem like I am saying LP or Robo are better than 1PW. Quite the contrary. I am finding that 1Password's CONTROL + \ implementation is advantageous on some sites.
0 -
I will say one thing; 1password is *****ing amazing on most sites! It is powering through sites LastPass shamefully choked on! This thing is unstoppable so far :D
0 -
Wow, thanks @mia! We aim to please :)
Login forms work a bit differently on just about every website that has them, and some forms are a lot trickier to fill than others (some sites even try to prevent extensions from filling their forms at all). But we try our best to work correctly with as many sites as we can, so I'm glad to hear you've been having such a great experience so far!
0 -
Maybe a good start would be an option to show some kind of an indicator that site credentials are available in 1Password... then it's easy to press Cmd+\ ... but sometimes I'm not sure if a site has already been saved or not.. just an idea, might not be that great.
0 -
+1 to @davidhq's idea.
0 -
I like that idea David.
0 -
Maybe a good start would be an option to show some kind of an indicator that site credentials are available in 1Password
This is what Ctrl+Alt+\ (or the 1Password button) is doing.
0 -
This is what Ctrl+Alt+\ (or the 1Password button) is doing.
Not really. I think what's being suggested is a status display that operates without user intervention. For example, change the extension icon when you're on a site you have credentials for. Obviously this feature wouldn't work when the vault is locked.
0 -
I thought David meant some kind of visual indicator that you'd see whenever you visit a site that has a 1Password login saved. This way when you arrive at the page you can see straight away without any intervention on the users part if you can use control+\ to login to the page.
I know i've got dozens of forum logins saved but I still visit some forums where i've not saved a login so this visual indicator could be quite useful.
0 -
Yes, that's what I ment... I think Richard's idea of changing the extension icon is great... that way the site is not modified at all...
Because of herd mentality I 100% like my idea because others like it :smiley: before I wasn't sure.
0 -
JUST A GUESS:
As it stands, the 1Password extension is activated when you press Ctrl+\ or click on the 1Password icon in the browser toolbar.
It seems to me that having it constantly active, constantly checking the current URL, would be a big enough drain on resources that it would have an unacceptable effect on perceived performance.
0 -
It seems to me that having it constantly active, constantly checking the current URL, would be a big enough drain on resources that it would have an unacceptable effect on perceived performance.
Not clear. I've never heard "Oh, Lastpass is such a resource hog everything is so slow...." It seems that there are other reputable password managers that implement auto-fill and have satisfactory perceived performance.
I support the request for a feature per login item that would enable auto-fill, similar to the auto-submit setting. I don't really understand the "security" objection: if you detect that I have loaded a page containing a login form on a domain where I have a 1Password login item and have set auto-fill and auto-submit, I find it difficult to see what the security exposure of the auto-fill is. Are you imagining some kind of badly-done cross-site forgery of the login form that I currently would recognize before hitting Ctrl+\ or the 1P key symbol? To me the lack of support for auto-fill is more like security theater, not a true security feature.
0 -
That "true" auto-fill feature is not so bad.
KeePass has it too. Whenever I would browse to a website with login for wich KeePass has the login credentials, KeePass's browser extension (KeeFox) would light up and automatically auto-fill username and password without any user intervention. All this is left for the user to do is submit if the user wants to proceed.
I did not notice any slowness from the process of instant recognition of a website for which saved login credentials are available. It's just instantaneous.
To tell you the truth, 1Password is already recognizing a website with saved credentials, as it's the first available option when pressing the browser extension key logo, only thing is that 1Password is not automatically filling in the username and password like LastPass and KeePass.
0 -
Ditto previous comments.
LastPass truly autofills and autosubmits and does this without any slowness.
This is what the LP-enabled site look like (please ignore the top bar. Just the lastpass-logoed border around the fields)
http://ruraltourismmarketing.com/wp-content/uploads/2013/01/multiplesites.jpg0 -
It seems to me that having it constantly active, constantly checking the current URL, would be a big enough drain on resources that it would have an unacceptable effect on perceived performance.
The extension is already constantly active. How else would auto-save work.
0