paypal won't auto fill in passwords generated by pword generator

I am new to 1password, I tried to use the password generator tonight with paypal, it would not accept the auto fill, it would allow me to copy and paste but after I saved the new auto generated password in paypal and updated it in 1password and tried to re login with the new auto generated password, i get an error tell me the password doesn't work. help.


1Password Version: 6.5.2
Extension Version: 4.6.2
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:paypal

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited December 2016

    @atoxley: It sounds like PayPal may have accepted the full generated password when you changed it, but perhaps it won't accept a password of that length for logging in.

    I just went through and changed my own PayPal account password, and while there are no clear password requirements stated as far as I can see (though I did find some information, along with some terrible password advice, in their help section), the password change form would not accept a password longer than 20 characters. Is the one you saved in 1Password 21 or more?

  • Nariman27
    Nariman27
    Community Member

    I believe the issue is this: PayPal's login form seem to have some new sensitivity to automated entry via any password manager or the copy/paste of passwords into the login form. Super simple to reproduce: if you type out the password character by character (from your 1Password vault), it accepts the login just fine. If you copy/paste the same password or use a browser extension to populate it, it's rejected. Have seen this in other places. Perhaps 1Password needs to evolve to support the 'natural typing' of passwords to overcome this?

  • jxpx777
    jxpx777
    1Password Alumni

    That's sad to hear, @Nariman27, but it wouldn't be the first site I had ever seen this faux security on. As for "natural typing" this is something we would love to do, but so far, it has proven to be a challenge, mostly because of this bug in WebKit, which Chrome and Safari are based on. Basically, our "fake" key strokes in Javascript aren't authentic looking and don't properly trigger all the same behavior as a real keyboard stroke. Combined with that, though, custom Javascript events are now flagged to indicate if the event is trusted, i.e. generated by a real user action vs a synthetic event. So, even if that bug is fixed, a site like PayPal could just ignore 1Password by denying any untrusted events. :(

    All that being said, I just tried my own PayPal Logins on this page https://www.paypal.com/signin?country.x=US&locale.x=en_US and it filled and submitted for me just fine. The password field on this page doesn't mention any maximum length, including in the code:

    <input id="password" name="login_password" type="password" class="hasHelp  validateEmpty  " required="required" aria-required="true" value="" placeholder="Password">
    

    But, on the password change form, I find this:

    <input id="newPassword" name="newPassword" type="password" class="hasHelp validate" required="required" aria-required="true" value="" autocomplete="off" maxlength="20">
    

    Note the maxlength attribute at the end of the <input> tag. This leads me to think that @brenty might be right that the field was filled with a longer password and PayPal truncated it or something like that. Can you check the length of the generated passwords like Brenty mentioned and see if we're on the right track?

    --
    Jamie Phelps
    Code Wrangler @ AgileBits
    Fort Worth, Texas

This discussion has been closed.