Password Autofill takes you to different site!

I'm just migrating from PasswordSafe (because I want the Teams functionality) and I've found something v. v. annoying with the browser integration.

So:

I have a web based application and clients.

Sometimes I log into the live client site for support purposes. I save the unique support password for that site into 1Password. 1Password also saves web form details, such as the URL and the element names and Ids.

Sometimes I restore a client database to my development environment to debug something.

So here I am, having fired everything up in debug mode, and the first thing I see is the login screen. I'm on http://localhost, but because every client database has a unique password, I can't just save something once and forget about it. So, I right click in the password field, choose 1Password from the context menu, use the search, and select the appropriate site that matches the database I've currently got active.

So far so good. All 1Password needs to do is autotype the password I've chosen into the field with the focus and I'm good to go, logged into my dev environment.

But it TAKES THE BROWER BACK TO THE REAL LIVE URL and then logs me in. It's lucky I noticed, or I'd have done on live what I thought I was doing in my dev environment!

  1. Why does it do this?! Or, what do you think you're doing? I think I'm asking you to autotype a password in a password field, but obviously you think that right clicking on a field on an existing page means something else.
  2. How can I stop it doing this and just make it autotype the password?

1Password Version: 6.3.359d
Extension Version: 6.3.359d
OS Version: Windows 10
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited March 2017

    @bencurthoys: I'm not 100% sure I understand what you're referring to, so any clarification you yourself can offer would be greatly appreciated. But it sounds like you're at a particular URL, and when you select a login for 1Password to fill _with a different URL saved, 1Password opens the saved URL before filling. Does that match what you're seeing? This is by design, as filling login credentials on the wrong site is generally a bad idea. So by default we protect ourselves against phishing attacks by having 1Password fill a login at the URL(s) we've saved it for. So it sounds like all you need to do is add (an) additional URL(s) there for any locations you want 1Password to fill it for you. I hope this helps. Be sure to let me know if you have any other questions! :)

    Edit: Just to clarify:

    I think I'm asking you to autotype a password in a password field, but obviously you think that right clicking on a field on an existing page means something else.

    1Password doesn't work that way: You don't get to choose individual fields to fill; rather, when you invoke 1Password using the mouse or keyboard (⌘ \ is your friend) and select a login, it will try to recreate the form the way you saved it. You can always copy and paste if you want to fill individual fields in different places, especially other than the place you saved them, but this isn't something we want 1Password doing on its own for the aforementioned reasons.

  • bencurthoys
    bencurthoys
    Community Member

    ...it sounds like you're at a particular URL, and when you select a login for 1Password to fill with a different URL saved, 1Password opens the saved URL before filling.

    Yes, that's what I was seeing, and I guessed it was by design, but I couldn't work out why it was by design. Phishing protection is a perfectly good reason for it behaving that way.

    I suppose then that for me, the way that I launched the dialog what caused the confusion.

    When I right click on something I expect to get a context menu and I expect the operations on the context menu to be relative to my current context. If I right click on some selected text and choose "Copy" then I expect it to copy the text that I clicked on, and not some other text somewhere else. But the right click / 1Password menu launches a dialog that ignores the page you're on and the text field with the focus, and no matter what you were doing when you select a login it takes you to the page associated with that login instead.

    I see what you mean about the keyboard shortcut: Launching the dialog with Ctrl+Alt+\ does exactly the same thing, but because I don't expect it to be context sensitive, it doesn't bother me that it's not.

    I would like it if I could choose a default operation on selecting a login. Right now just clicking performs the login, and there's a right click menu with options to copy the username and password to the clipboard. I'm used to being able to configure what the default operation is:

    (But, I can totally see why that would be useless / actively harmful to 90% of users so I don't expect you to do anything about this. Inevitable grumbles at getting used to a new system)

  • AGAlumB
    AGAlumB
    1Password Alumni

    @bencurthoys: That definitely makes sense then. Thanks for following up!

    When I right click on something I expect to get a context menu and I expect the operations on the context menu to be relative to my current context.

    I think that's a perfectly reasonable expectation, actually. The browsers' extension frameworks just don't give us that kind of flexibility. Maybe that will be possible in the future though!

    I would like it if I could choose a default operation on selecting a login. Right now just clicking performs the login, and there's a right click menu with options to copy the username and password to the clipboard. I'm used to being able to configure what the default operation is:

    In all honestly, the screenshot you posted would scare most users off pretty quickly. I get where you're coming from regarding customizability, but most folks just want 1Password to work, and to do so without putting them at risk. So I think you're right about the 90%. However, I'm intrigued about what you'd envision a 1Password "default operation" setting offering. Right now we have the ability to change between opening a login in a new window, new tab, or current tab when it's selected, but it sounds like you have something entirely different in mind. Can you walk me through it? :)

  • bencurthoys
    bencurthoys
    Community Member

    Things that could happen when a login is selected:

    1 Perform Login (sent browser to saved Url, populate field data via plugin not touching keyboard buffer or clipboard, submit form) [Currently left-click behavior]
    2 Navigate to saved Url but don't do anything else
    3 Inject username into the keyboard buffer (assumes focus is on a textbox, relevant from a context menu only)
    4 Inject password into the keyboard buffer (assumes focus is on a textbox, relevant from a context menu only)
    5 Copy username to clipboard [Currently available from right click menu]
    6 Copy password to clipboard [Currently available from right click menu]

    I was expecting/hoping to be able to configure it to do (4). When I saw that there was a 1Password context menu option, what I assumed was that it was a context menu that was active only when you rightclicked a password field (because that's what I had clicked on), and what I assumed it did was figure out which password was the right password (based on the url and the username and the other form data), and then type it for me into the password field.

    Which wouldn't actually be that bad or unsafe a feature. If you made it only active if the correct password could be uniquely identified, then it wouldn't work on a phishing form anyway.

  • jxpx777
    jxpx777
    1Password Alumni

    That's an interesting idea, @bencurthoys. Improving 1Password's contextual awareness of the page is something we want to explore in the future, but I don't have anything concrete to share about that right now. Thanks for sharing your thoughts!

This discussion has been closed.