Auto Fill not working correctly?

bovie2k

While I still love 1Password, I've found over the past 2-3 years 1Password has significantly regressed in it's ability to guess where a password and username goes. When I first started using it 1Password was almost perfect now many websites require me to copy and paste. Not sure if websites have changed or if 1Password has gotten dumb.

Also is there anyway to improve 1Password so it can read the text next to the box and fill in the correct answer? Like for security questions?

Again I still love 1Password and wouldn't trade it for anything. Just missing the old auto fill days.

---

1Password Version: 6.2
Extension Version: 4.5.5
OS Version: 10.11.4
Sync Type: Families

jxpx777

Hi, @bovie2k. I'm very sorry to hear that you're having this kind of trouble with 1Password. I work primarily on form filling and our browser extensions, so it especially pains me to hear this. :( The last couple of years have seen some great strides in 1Password's filling capabilities in many areas, but perhaps our efforts don't overlap with the sites you use most often. If you'd be willing to share some sites where 1Password isn't working for you, I'd love to take a closer look and see how we can help.

As for filling security questions, this one is a tough nut to crack and for as infrequently as they are requested and the variety of ways sites can prompt users for them (For instance, is the question in a drop down menu, a field label, or just some paragraph text? Just one example…) the amount of effort required to do this well across a large number of sites would be quite significant and those resources are better used focusing on improving Login, Credit Card, and Identity filling.

Thanks again for your post. Hopefully we can help get 1Password filling working better for you to make you as happy for the current days as the old ones. :)

bovie2k

Thank you @jxpx777 Don't be hard on yourself like I said I still love the hell out of 1password and recently signed up and started using families. I agree focusing on login, credit card and identity is probably the way to go.
One good example off the top of my head is wecu.com . I've also noticed starbucks.com requires me to enter another character and delete it before I can click submit. The website knows the password was pasted in. Must be some bot blocking code on their end.

jxpx777

Hi, @bovie2k. Sorry for my late reply. Thanks for your kind words. We hold ourselves to very high standards here. :)

For wecu.com, are you having trouble on the first username page or the password page? The username seems to fill for me and submit after a manual save. Does this match your experience? Since the first page uses a password field for the username and I suspect the second page would use a password field for the password, you'll need to save and store two separate logins for this site. Right now, 1Password doesn't have a way to distinguish between them across pages like this.

As for Starbucks, this is one we recently put some work into. Could you double check your version of 1Password for Mac and if it's not 6.2, update and let us know if Starbucks behaves better for you.

Thanks!

bovie2k

@jxpx777 no need for apology. Next business day is pretty good in my book. Thanks looks like starbucks is working. Yes that matches what I experience with Wecu and it makes sense now that you mention the username field is all dots like a password. Sounds like keeping up on the auto fill is a little arms race between you and the webpage developers. :-) Keep fighting the good fight.

p.s. Pass my thanks along to the 1Password for teams and families team. I really like what you guys are trying to accomplish.

jxpx777

Thanks for the confirmation, @bovie2k. Glad Starbucks is working for you now and that we're at least seeing the same results on Wecu. You're right that keeping up with form filling is a constant game, but it's a fun one and it's a great challenge to get 1Password working with as many sites out there as possible. The good news is that these days, many more web developers are aware of or even using password managers than there were, say, 5 years ago when this work was much more of a struggle because we didn't have much in the way of support from many web developers. :)

I will definitely pass your thoughts on about 1Password for Teams. If you haven't already, we'd appreciate a review in the App Store, Google Play, or MacUpdate (as appropriate for your platform or purchasing location). Kind words from happy users really do help. :)

Cheers!

paulypudner

WRT autofill troubles, I can think of two other sites that defeat 1PW's autofill feature: Verizon and Apple (I don't know about Micro$soft). Seems these companies are tightening up their opsec practices disallowing passwords to be autofilled, even going so far as to defeat copy and paste as well. They accept autofilled UIDs, but seem to insist upon manual completion of passwords and sometimes demand additional information such as feeding back answers to previously stored secret questions. This tactic appears to be intended to assure that the individual supplying the UID and PW password is a human being and not a PW guessing algorithm.

Improving opsec is probably not a bad thing I suppose; however, interfering with conveniences like 1PW's autofill service inevitably discourages users from using long, complicated passwords because they are hard to remember and to type in manually. It is hard enough to maintain a disciplined approach to security practices without making it more tedious and difficult than it already is.

How ironic that a useful security tool like 1PW should encounter conflicting network security defenses when both strong passwords and network security are vital to user protection. In the eventuality that more and more public web sites adopt the practice of defeating autofill features, it may be necessary that 1PW enable users to keep "revealed" passwords on the screen long enough to manually copy and type them into login windows... a regressive tradeoff between between an imposed security restriction and convenience.

jxpx777

Hi, @paulypudner. I just tried signing in to both Apple (appleid.apple.com) and Verizon (verizonwireless.com) and it worked fine for me. Can you let us know a little more about the trouble you're having? For starters, what device and web browser are you using?

paulypudner

Hi jxpx777. In answer to your questions: Device -- MacBook Pro (mid 2012) running OSX 10.11.4; Preferred Browser -- SRWare Iron (Version 48.0.2550.0 (64-bit).

Your reply made me question my experience, so I tried logging into the Apple Store using a different browser (in this case, Safari) and low and behold, I had no trouble with autofill. Since I wanted to test 1PW's autofill on a non-Apple browser, I then installed Google Chrome (Version 49.0.2623.112 (64-bit)). No problem there either.

So... I'm left with egg on my face regarding the assumptions I made about opsec, etc.

From the above results, I conclude that SRWare Iron is the problem -- even though it is based on Chromium, it appears to be unable to manage autofills for sites (like Apple and Verizon) that break login pages into two or (in Verizon's case) three sequential steps -- 1) enter UID, 2) ans. secret question for Vzn, 3) enter password.

Although it is German freeware, Iron is my preference because it promises to offer more privacy by stripping out the intrusive data tracking/marketing code embedded in Chrome, while continuing to deliver an unencumbered, fast and efficient browser experience. I would rather it were a U.S. product, but I have no complaints with it so far (except for this anomalous behavior).

If you would like to explore Iron's code to see why autofill is misbehaving, you can visit http://www.srware.net/en/software_srware_iron.php

Happy hunting.

jxpx777

Hi, @paulypudner. I'm not familiar with this browser, and I don't believe we have support for its code signature in 1Password. Did you disable code signature verification (1Password > Preferences > Advanced) in order to allow the extension to connect? It's possible that Iron is doing something different somehow that is causing this incorrect behavior. For now, it's best to stick with the officially supported browsers.