No offer to save login information

During login sequence... 1Password does not offer to save my login credentials on this site.

web site: https://www.my-portfolio.ca/pcis/login.jsp?url=/.do
1Password 6 Version 6.3 (630032)
Chrome 50.0.2661.102 with..
1Password: Password Manager and Secure Wallet 4.5.6.90


1Password Version: 6.3 (630032)
Extension Version: 4.5.6.90
OS Version: OS X 10.11.3
Sync Type: N/A ( have used WiFi )
Referrer: forum-search:No offer to save login information on https://www.my-portfolio.ca using 1Password 6 Version 6.3 (630032) && Chrome 50.0.2661.102

Comments

  • jxpx777
    jxpx777
    1Password Alumni

    Hi, @DCornelius. I'm sorry for the trouble you're having and also the delay in getting back to you. I just tested this site and here's what I found. The button that you click to sign in is really just a link that is styled to look like a button. In this situation, 1Password has to try to guess if the act of clicking on any given element is an attempt to submit the page, and in this case, it doesn't recognize a click on a link with the text Access as such an attempt.

    What I also found is that if I enter a username and password and then press return with the focus in the password field, 1Password does indeed recognize the sign in attempt. Does that match your experience as well?

    Thanks!

    --
    Jamie Phelps
    Code Wrangler @ AgileBits

  • DCornelius
    DCornelius
    Community Member

    Yes: Competing the 'submit' portion by the Enter key ( instead of click on an image which invokes javascript:submitLogin() ) does get hooked by 1Password with an offer to save credentials.

    And, once that new entry in 1Password is present, I can double-click to log in ( and 1Password fills credentials ), or use the browser add-on to the same effect.

    However... if I edit that new entry ( eg: add 'xyz' to the URL, in the two 'website' fields ), this does something to the entry in 1Password which is not 'un-doable'. i.e. if I remove those 'xyz' on the URL, then that entry is no longer usable for double-click (1Password or browser add-on)

    Why is that interesting? Well, when 'things go wrong' with 1Password, my technique for diagnosing is: "move the existing 1Password entry aside by editing the URL so it won't match", then login 'by hand', and have 1Password make a new entry for the site. That's what I did to try your method.

    Now I have two entries: the new one (which works), and the old one (which doesn't work). I really want to 'merge' these, or 'update the old entry', since ==> The old entry has other ancillary information ( e..g. in the tag fields, or elsewhere ) which I do NOT want to lose!

    It's weird: the two entries I have 'look identical' in 1Password, but one works, and the other... goes to the web site, but doesn't fill in any of the fields.

    So, I'm a little better, but still uncomfortable about this situation.

    Is there a way to do a 'complete compare' of the two entries, including any 'secret stuff' which does not appear in the 1Password UI?

  • jxpx777
    jxpx777
    1Password Alumni

    The only real way to compare the raw data of two items is to use something like Kaleidoscope. You'll need to enable the Copy JSON menu item in 1Password > Preferences > Advanced. Then you can copy the JSON of the item from the Item menu and paste the JSON of the two items into Kaleidoscope to compare.

    Please be advised that the JSON of the item is not encrypted, so take care not to save it some place where it might be vulnerable.

  • DCornelius
    DCornelius
    Community Member

    (a) I have an entry in 1Password which works: double click, switch to browser w/ URL, forms filled, submitted.
    (b) I turn on advanced prefs, and use control-click to copy the JSON for the entry. Paste into a file, and save.
    (c) I edit the 1Password entry to 'obfuscate the URL' by adding 'xx' to the domain ( e.g. myportfolio.ca -> myportfolio.caxx )
    (d) Save the entry.
    (e) double click the 1Password entry, browser complains: no such domain. That's correct operation.
    (f) Undo the obfuscation by removing the 'xx' from the domain.
    (g) Save the entry.
    (h) Double click, browser opens to myportfolio.ca, but...
    (i) ==> ** No fields are filled in. **
    (j) Copy the JSON for this entry again. Paste into another file, and save
    (k) Compare the two JSON snippets.
    (l) Only difference is the value of the "updatedAt" token. (verified by Kaleidoscope and http://tlrobinson.net/projects/javascript-fun/jsondiff )

    i.e. Editing the URLs 'breaks' the entry.

    Maybe this needs a new thread for discussion.

    Shouldn't I be able to edit the URLs (as described above), and have things back to where they were?

  • jxpx777
    jxpx777
    1Password Alumni

    Hi, @DCornelius. I was able to reproduce this once with one Login but not a second time with another. The one Login that reproduced the issue in the stable extension seems to work just fine in the beta extension. Could you give our beta extension a try and see if it works better for you? Be sure to uninstall the current version before installing the beta and click the Enable Betas link under the big green button on that page. :)

    Let us know how it goes.

  • DCornelius
    DCornelius
    Community Member

    Well, maybe this should change from 'oh, interesting, perturbing side effect' to 'Bug'.
    Here's my action matrix

  • jxpx777
    jxpx777
    1Password Alumni

    Thanks for that detailed outline, @DCornelius. Out of curiosity, are you able to replicate this with any Login by making such changes to the URL or is it just with one site in particular. The first site you mentioned here was https://www.my-portfolio.ca. Is this still the site that's giving you issues?

  • DCornelius
    DCornelius
    Community Member

    All the previous work was with https://www.my-portfolio.ca
    I tried a different institution ( https://www.wellsfargoadvisors.com/online-access/signon.htm ).
    (a) in 1Password, 'duplicate' the entry which works.
    (b) verify that the duplicate logs in: yes, it does.
    (c) edit the URL: .com -> .comx
    (d) double click to open: fails ( no such domain )
    (e) edit the URL: .comx -> .com
    (f) double click to open: fails: username & password are blank. No auto submit. "Enter" key does nothing. Click 'Go' takes me to a page asking for credentials.

    That's using Chrome extension 4.5.6.90 ( enabled )

    Switch to beta extension 4.5.7.2 ( by ticking 'enable' in Chrome's extension manager, and un-ticking 'enable' for 4.5.6.90 )
    -> The 'duplicated / edited / un-edited' entry in 1Password logs in fine.

    Switch back to 4.5.6.90, and double-clicking the duplicate still works fine.

    OK. Bizarre. Switch over to the beta extension. Repeat (a)-(f) ( using a different entry name for the duplicate ), and the results are the same as before: (f) fails to fill / open.

    jxpx77 - While I appreciate that you're keeping me engaged on this, I feel like you folks should be doing all this work, not me.

    In particular, I'm concerned that in running Kaleidoscope / jsondiff that my login credentials are 'leaking' out on to the internet. So, I will change my passwords on the two trial sites I've used, and hopefully, you can replicate this bug, and fix it.

    Yours,

    /dc

  • DCornelius
    DCornelius
    Community Member

    Changing passwords on those two sites... 1Password did not offer to update any records during the changes. I was 'clever enough' to know that this would probably happen, so whenever I use the password generator, I make sure that 'copy to clipboard' is selected before I click 'fill' ( Yes, I've done this for years, but a month ago, I discovered it was un-checked !! ), then fill & submit the change, then immediately go edit the 1Password entry, and paste in the new password to save it. That's a precarious way to hold on to a new password. It exists in the 'clipboard' starting with the press of 'Fill'(and copy to clipboard) and vanishes on 'next clipboard operation'... which is something which could happen 'anytime'.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @DCornelius: If you use 1Password to Copy or Fill the generated password, it will be saved as a Password item in your vault. That way you don't have to worry about the clipboard being cleared. I also find it's useful to sort these by Date Created, so that the newest is always at the top.

    We do appreciate your patience and willingness to work with us on this issue, but it's totally understandable if you have other things to do! We'll keep working to improve 1Password either way. :blush:

This discussion has been closed.