Suggestion: allow filling in login credentials for current page, regardless if URL matches
Currently if you're on webpageX.com's login page and on the browser extension choose the Login for websiteY.com, the browser will open websiteY.com and fill in the info there. Now that's all fine, but I'd like to have the option to use the credentials for websiteY.com on webpageX.com's currently loaded form.
Use case: In order to watch streamed TV content on my PC or other devices I need to sign in to my ISP's website, but through the service provider's website. So for example, if I'm trying to use watchespn.com, they'll redirect me to a page that loads my ISP's website with a different URL than the one I have saved for my ISP in order to validate that I have an active subscription. I could save that URL, but it seems like every provider has a different URL for that functionality. Another similar case is with Google's or Microsoft's services all using the same account/password but having different URL's with login forms that you can use to log in (for example, Microsoft's MSDN portal comes to mind).
Is this something that you would consider for the future?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @enriquein,
When it comes to matching up potential Login items with the active tab in your browser we don't compare the full URL, we only care about the domain matching. So you shouldn't have to have multiple entries that all describe various paths on the same site unless you want different options for open and fill. The option open and fill is where you click on the URL and you're taken to that specific page so of course that has to have the full path to the required page.
So let's say
websiteY.com
is your ISP. You've got your Login item and it will have the full path for their login page. If you want that item to also fill on a page on the sitewebsiteY.com
then adding a second website field with an entry will achieve this.I don't see us ever adding the ability to select a Login item and have it attempt to fill the current page. It just seems like the gain is small given multiple website fields do allow you to say fill on sites x, y & z while the opportunity for error is high and nobody wants the panic of thinking "I just supplied my bank's login credentials to that site to do with puppies!" and while it might sound silly it would eventually happen.
Personally, and I could be wrong here, but the times where you need a Login item to fill on a completely different site tend to be quite rare and when the do happen I can't imagine it's more than a couple of different domains at most. That's why I think the multiple website field option is probably sufficient at this time.
You may not agree and that's fine, the forums allow us to have a discussion about the merits and pitfalls and maybe there are cases, even widespread ones, where a change could be good and I'm simply not aware of them. In this case you can help me learn :smile:
0 -
You're absolutely right in that it's a small subset. The problem is how annoying it starts to get, seeing how often I have to redo the entire process. For example, my Kids watch all the Disney subchannels on my Roku. I also tend to watch sports on and off on the watchespn app on the Roku. Each separate app makes you re-authenticate with your ISP every other week. You have to do the entire process on each separate app. It wouldn't be an issue if the popup window would always have the same URL, the problem is that it seems to be different depending on which service it is. So for example, each disney app will take me to a different URL that then (I'm guessing) loads my ISP's authentication form inside an IFrame. When I right click on the fields, I can't get 1Password to recognize it, nor do I get the chance to select from the list. This is especially frustrating on the iPad, where you need to use the little context menu thing Apple provides in order to have 1Password fill out the field.
I agree that this is quite an edge case, and I also see your point about accidentally sending sensitive credentials to the wrong website. I'll definitely give saving each as a new website a try. I appreciate you taking the time to read through this, though :)
0 -
Hi, @enriquein! First, I'll reiterate what @littlebobbytables said before. Filling arbitrary credentials on some arbitrary site isn't something we want to do. This is part of 1Password's phishing protection.
Now, you mentioned something else that is intriguing. You said that these appear to load the login page from your ISP in an iframe. If that is the case (We would need to verify that of course…), then we have an enhancement request open to work with this, but it will require some architectural changes that we aren't in a position to tackle just now. But, I did want you to know it's on our list of things to explore. We have to make sure we get it just right, though, so that we don't open you up to phishing by some site including some other site in an iframe. For instance, if you get sucked into a PayPal phishing attempt that loaded PayPal's actual login screen in an iframe and 1Password allowed you to fill your PayPal credentials there, then the parent page could monitor the frame for changes to the fields and capture your username and password.
I hope this makes sense and helps shed some light on the reasons that we don't allow this kind of filling right now. Let us know if you have any other questions or issues. :)
--
Jamie Phelps
Code Wrangler @ AgileBitsref: OPM-3928
0