Please Improve Detection of Username

Haravikk
Haravikk
Community Member

Pretty much as the title says, but 1Password can still be pretty bad at guessing what it should use as a username when logging in. For example, I recently signed up to a forum, and 1Password decided that my username was the captcha letters!

I know that field-names on web-forms can be incredibly non-standard, but I'd like to propose behaviour along the lines of:

  1. Fields containing "username" in their name (many sites use names with a prefix, or use array naming). This should be ignored if it's empty, as I've noticed that some sites that used to have usernames retain a vestigial form entry, it also happens more commonly on sites that have a login box on every page and which submit everything in a single form.
  2. Any field with a value that appears to be a valid e-mail address, as most sites that don't have usernames use an e-mail address instead.
  3. Best guess, i.e- any text field, but giving a lower priority to field-names containing "captcha", "code", "country", "language", "security", "verify" etc., as well as any that contain only numbers, to try to ignore common security questions/anti-robot measures and unimportant data.

As an example, here are the web-form details from a site I recently had this issue with (the one where the captcha was assigned as my username):

As you can see, it's a great example of a difficult to parse form, as it has one of the empty username fields I mentioned. However, it also has a field with a clear e-mail address entered (redaction aside, of course), yet for some reason 1Password chose the captcha field for my username, requiring me to open the app and change it.

Aside from improved ease-of-use for everyone, having to figure out which fields to set isn't very intuitive for casual users, so 1Password could really do with selecting these better.

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @Haravikk,

    How would you feel about supplying the URL for this site, I'd certainly like to see how our current beta handles the site and does it do a better job or not. If it doesn't I'll submit a report about that site. We have been working on a new filling logic recently so I'd like to see if it does any better.

  • Haravikk
    Haravikk
    Community Member

    Sure, actually I thought I'd left it in the image, must have over-cropped! This specific form was from the forums for Cooler Master (computer case manufacturer), I think it's an IPB message board, you can get directly to it at: http://community.coolermaster.com

  • Drew_AG
    Drew_AG
    1Password Alumni

    Hi @Haravikk,

    Thanks for letting us know the URL! I went to that site and clicked the Sign In link, and noticed it only asks for email & password - there's no captcha field there. I saved a new Login item for that site (using random info, as I don't have an account there) and 1Password had no trouble filling that form. I checked the web form details in 1Password, and they looked very normal (i.e. none of the extra fields from your screenshot).

    On a hunch, I went back to the main site and clicked the Create Account link. I filled out the form there and saved a new Login, then checked the web form details for that, and it's just like your screenshot - extra fields for confirming the password, captcha/Verification Code, and so on.

    So, it looks like you saved the Login item from the registration page (i.e. "Create Account"). That's not a problem for some sites, but on other sites, the internal field names used for the registration form are completely different from the internal field names used for the login form. Those internal field details are saved by 1Password as the web form details which are used to help sign into the site. Therefore, it's always a good idea to save Logins on the page where you intend to fill them.

    To solve the problem, try manually saving a new Login for that site. The new Login item should work correctly for you.

    Please let us know how it all goes and if you have any questions about that. Thanks!

  • Haravikk
    Haravikk
    Community Member

    I've already corrected the problem by setting the correct field as my username, I just feel that 1Password should be able to handle this better. Since I made the switch to 1Password (version 2 iirc), 99% of my saved logins are from registration forms, as I'm using 1Password to generate the passwords for me. Of course most of the time this fine, it's just a few sites where 1Password inexplicably falls over itself.

    While saving from the login form might suit new users who have existing sites and passwords to save, for users that are using 1Password for everything, the main pages that need to be stored will be registration and password update pages, as these are where new passwords will be first entered (or generated). Saving from login forms for a user that generates their passwords would require them to copy the generated password somewhere (so 1Password doesn't clear it from the clipboard), fill out registration, wait for it to complete, then login with the copied password and save the details, this isn't especially easy.

    Anyway, like I say, I think 1Password could do a better job of getting the correct correct username field on any form if it followed steps similar to what I proposed in my first post.

    Another, related change, would be if 1Password recognised that a different form was being used, and offered to update either all details (replacing any previous form details, e.g- a registration page with a login page) or to update only the password (useful for password update forms which usually don't require the username to be entered).

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @Haravikk,

    Do you use our Password Generator at all?

    Why I ask is when you use our Password Generator there is a button to the side of the generated password which by default is set to fill. If you use the button, either to fill or copy it will copy the password not just to your clipboard but generate a Password item in 1Password with a title detailing where it was used. That Password item will stay in your vault until you create a Login item for the same site and using the same Password as at that point 1Password deems the Password item redundant. We create the Password item to ensure there is a record of any password that might have been used.

    Depending on the change password page, very much site dependent, we can recognise you're changing a password and update the Login item accordingly. We face the same issue here we do elsewhere though, trying to cope with the myriad of variations, seen and unseen. It's the same issue with login pages.

    One area we do need to improve is the ability for the web form details to be updated. This could cover your request to see a registration page Login item 'converted' into a login page Login item. As it stands though, the saving of a login via 1Password mini isn't designed with the registration page in mind as field IDs are rarely global over various pages and instead used only locally to that page.

    ref: OPM-2708

This discussion has been closed.