ICBC autofilling not supported
website:
https://myebank2.icbc.com.cn/icbc/perbank/index.jsp?areaCode=0167&dse_locale=en-US
It's a pain to manually type in passwords every time. Is this possible to solve it?
1Password Version: 6
Extension Version: 4.5.9
OS Version: macOS 10.12
Sync Type: Dropbox
Comments
-
Hi, @BXIA. I see the same problem you're seeing. I didn't have a chance to dive into it too far yet to identify the issue, but I will open a bug report so we can investigate and see what might be the issue. I do see that the page is using
<frame>
elements and that there are many, many fields on the page that aren't visible to the user.Out of curiosity, which browser are you using? If you tested in Chrome, could you also test in Firefox or Safari? There's a known issue with Chrome where it has some problems with very large sets of fields sending from the extension to 1Password, so I'd like to rule that out.
I tested in Firefox Developer Edition (50.0a2) with a Login saved manually in the browser and another saved in the main application, and with both, the username filled but the password field did not. I did get an alert that the password should be between 6 and 30 characters, so that's some indication that something happened.
I also see quite a delay in response since 1Password is having to process such a large number of fields, so if you're testing this out, give it a little bit of time. This is something we should speed up but if you're looking for 1Password's normal lightning fast results, it could look like 1Password just isn't doing anything, so I wanted to mention it. :)
Thanks for your patience!
--
Jamie Phelps
Code Wrangler @ AgileBitsref: OPX-1240
0 -
Hi @BXIA,
I've just taken a peek at the link you kindly supplied and well, it's not looking great. The first thing I noticed after saving a Login item was the password 1Password found wasn't what I typed. It looks like they're using JavaScript to scramble the password and the parameters change each time the page is loaded. They wipe the password field if it gets clicked on which is possibly why it didn't seem like it filled for Jamie. So there's a good chance we are attempting to fill the password field but then stuff we trigger afterwards results in the page clearing the field. Not that it would make much difference as we've yet to find a way to ensure filling works in such a way that we can work with sites that scramble the password.
I apologise that I'm not the bearer of good news at the moment. That page is pretty hostile towards automated filling. What saddens me is I assume they believe this helps but my personal opinion is it pushes people towards weaker passwords if they're forced to remember and type them out. I wish they would remember to factor in human nature when deciding what boosts security.
0 -
@littlebobbytables Yes, that saddens me as well. I got an idea… is this possible to simulate keyboard input? This should solve the problem.
This bank is pretty hostile to auto filling, in fact they don't trust any password managers except their customers' brain. I guess it's because of they are very confident about their security measures. They gave me a free physical token with a LED screen and digital certificate embedded, every time when I make a transaction I'll need to connect that token (USB on PC or 3.5 mm on smartphones.0 -
Sounds like they're pretty strict. It is somewhat possible to simulate keyboard input, but it's very unreliable, especially in Chrome and Safari due to this longstanding WebKit bug We want to keep considering ways to make this better, but right now, we don't have a good solution for sites that are going this far out of their way to add a veneer of security.
0