feature idea: "populate only" checkbox
1Password has a problem with a limited number of what I would refer to as "poorly designed sites". I have an idea on how it might be modified to better cope with them.
There are a handful of reasons why certain sites don't work right with 1Password. One of the most recent offenders I've seen is -- whether it would be described by this as as a web designer or not, I do not know -- what I call the "in-frame login".
LinkedIn is a good example of this. If you just go to their root URL, the cursor will automatically be dropped in the "Email" field at the top of the screen. But if I use the 1Password extension button (tried this in both Safari and Firefox), it gets confused because there are two email/password fields on the screen and ends up populating the wrong fields. Instead of being logged in, it figures I'm trying to register but fortunately my first and last name fields are empty, so it fails to submit (fortunately).
The ideal login URL is a standalone page with nothing more than a username and password field, period. Unfortunately, 1Password obviously can't make everyone design their sites like this. Here's another example of an "in-frame login" but one that's perhaps even maliciously designed: Walmart.
As you can see, I'm clearly on a dedicated login page. But when I attempt to submit my login credentials, 1Password drops my email address into the "Be the first to save!" subscription field near the bottom of the page and ends up automatically signing me up for emails. Super-yuck. I don't know if that's just incompetence on behalf of whoever designed Walmart's site or if they geared the code so that this email field is the "first" one that 1Password sees.
Here's one more example of a problematic site, but one that doesn't have the "in-frame login" issue. It's kind of obscure -- this is the site where I login to pay my electric bill.
This one doesn't properly work with 1Password because they've added a CAPTCHA verification. So 1Password drops in my credentials and submits them, but the page rejects the login because I didn't prove that I am not, in fact, a robot. An annoying security check for sure, but at least it doesn't look like they're trying to steal my email address to spam me.
So, what's one to do? 1Password can't know whether or not it's being asked to submit credentials to a badly designed site. But maybe I do know that a specific site is going to be a problem. What I think would work would be a checkbox per-entry in 1Password like this (forgive my poor layout skills):
With this box checked, 1Password would know that if it passes credentials to the page for this entry it should NOT attempt to automatically hit return. This would give me the opportunity to verify the stuff is in the right place before it gets sent out for processing. Or perhaps a different option would be "open only", which would work the same but 1Password would only open the URL and immediately stop -- not attempt to drop in any credentials at all. Then I could at least manually copy-and-paste them into the right spots instead of also having to clear them out of the wrong ones.
Anyway, that's just my idea for how to tailor individual 1Password entries to deal with web design landmines.
1Password Version: 5.40 (Agile Web Store)
Extension Version: 4.44
OS Version: 10.11.0
Sync Type: WiFi
Comments
-
Hi @bitmender,
Thanks so much for writing such a detailed description of this issue! Believe me, you're not the only one who gets frustrated by these type of pages. I've become so used to 1Password just 'automagically' filling an submitting my details, that I often stare at my screen in stunned silence whenever I come across one of these beauties. Of course, we'd love it if all web designers got their acts together and made it more simple for their users to be secure. But until that magical day, we do what we can to get by.
And, as it happens, 1Password already has a handy little feature that is going to help you out a lot here. Check this out:
You can select the 'never submit' option for these wonky sites, and 1Password will make its fill attempt, but not hit the 'Enter' button to allow you to correct things.
There's another alternative as well: navigate to the site on your own, using a regular bookmark or typing in the URL, and then activating that sign in pop-up. Once it's visible, you can use ⌘\ ( Command- \ ) to fill your details into the correct fields.
I hope this helps, but if you have any further questions or concerns, we're happy to help!
0 -
Awesome! I didn't realize what I was looking for was right under my nose. Thanks!
0 -
Hi @bitmender,
Always happy to help! Please let us know if you have any other questions about 1Password. :)
0
