Extension does not auto-submit after auto-fill

I've used 1Password on Mac before, and on Mac the 1Password extension for Chrome also auto-submits the form after auto-filling the username and password. The current extension for Chrome/Linux does not auto-submit; I have to click 'Login' manually. I also can't hit enter because the focus is gone from the form after filling it.


1Password Version: Not Provided
Extension Version: 0.7.6
OS Version: Ubuntu 17.04
Sync Type: Teams

Comments

  • dteare
    edited August 2017

    Good point, @peterjaap! I had meant to do this earlier and got distracted with other issues.

    I've made some changes so focus will be placed on the password or username field after filling. This way you can press the enter key without needing to first select the correct field. That should make the log in process a lot easier. I'd love to press the enter key for you but that's a whole can of worms that I'm not ready to play with just yet :)

    This change will appear in 0.7.7, which will likely be published later tonight.

    Thanks again for reporting this issue! <3

  • tdegroot96
    tdegroot96
    Community Member

    It would be great if the auto-submit feature gets implemented in this extension as well, +1!

  • ninjawa
    ninjawa
    Community Member

    It would be great if the auto-submit feature gets implemented in this extension as well, +1!

    If it does get implemented, please make it an optional feature. I personally don't like to auto-submit.

  • beyer
    beyer
    1Password Alumni

    Thanks for your input folks! If and when we implement an auto-submit feature, I don't see any reason for us not to have a way to select if you want it enabled. We are working on a few new tricks for filling that I think you'll love – stay tuned!

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • Taz77
    Taz77
    Community Member

    Is auto-submit still on the roadmap?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Taz77: It's definitely a possibility. We've got some other stuff we're working on and we couldn't fit everything into v1, but when the time is right I'm sure we'll have more to share. Cheers! :)

  • Peleela
    Peleela
    Community Member

    So it's been over a year, any chance auto-submit has worked it way up on the list? I only just recently upgraded, and my old brain is having trouble remembering that I now must hit enter... seriously, I stare at the screen waiting for it to do something for way too long! :-)

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Peleela: Thanks for asking! I don't think I have the sort of news you were hoping for though. :( Autosubmit is more likely on its way out altogether. It's gone now in 1Password for Mac due to changes in Mohave and Safari 12. Apple has determined that allowing keystrokes to be sent is a security risk, since malware can use that to bypass warnings to the user and make changes to the system. And they're not wrong. So it will probably be best to get used to pressing Enter/Return, and we continue to work to make sure that 1Password focuses the password field after filling so that will work for you to easily submit the login form. I think that's the best way forward. Obviously 1Password doing this itself is not malicious, but that capability can all too easily be misused. :blush:

  • Peleela
    Peleela
    Community Member

    brenty, thanks so much for the explanation! It's obvious, now that you've explained it, and I agree with the reason. I will just continue to laugh at myself when I notice I've been staring at the screen waiting to auto-fill :-)

  • jcminnesota
    jcminnesota
    Community Member

    Ok, I sent a request to support a week ago with no response. I guess that customer support email is not available anymore either. I upgraded to Mohave and now get the following message:

    The operation couldn’t be completed. /Users/johnchristian/Library/Application Scripts/2BUA8C4S2C.com.agilebits.onepassword-osx-helper/1Password_Autosubmit.scpt:36:52: execution error: System Events got an error: osascript is not allowed to send keystrokes. (1002)

    And it won't automatically go my website. Is that what this is about? And if so, then how do I get rid of the gibberish message ever time I long in...and have to click "ok" before I can log in?

    JCMinnesota

  • AGAlumB
    AGAlumB
    1Password Alumni

    brenty, thanks so much for the explanation! It's obvious, now that you've explained it, and I agree with the reason. I will just continue to laugh at myself when I notice I've been staring at the screen waiting to auto-fill :-)

    @Peleela: You're very welcome! I'll be honest: happens to me sometimes too. I'm determined to get used to it though, and not having to worry that less-than-savory apps could be taking actions for me makes this a tradeoff I'm willing to accept. Cheers! :)

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited October 2018

    Ok, I sent a request to support a week ago with no response. I guess that customer support email is not available anymore either.

    @jcminnesota: We try to reply to messages in the order in which the are received, and I'm sorry that you haven't yet received a response to the one you sent five days ago. :(

    I upgraded to Mohave and now get the following message:
    The operation couldn’t be completed. /Users/johnchristian/Library/Application Scripts/2BUA8C4S2C.com.agilebits.onepassword-osx-helper/1Password_Autosubmit.scpt:36:52: execution error: System Events got an error: osascript is not allowed to send keystrokes. (1002)
    And it won't automatically go my website. Is that what this is about? And if so, then how do I get rid of the gibberish message ever time I long in...and have to click "ok" before I can log in?

    It sounds like you're using an old version of 1Password on Mojave. In that case, while I'm not 100% certain, I suspect you can avoid the issue by disabling the "Automatically submit" option in 1Password Preferences > Browsers (if memory serves). Does that help?

    ref: LKQ-61833-699

  • jcminnesota
    jcminnesota
    Community Member

    Yes thanks. the message is gone now when I use 1P to log in. But so is the ability for 1Password to actually log in!! Not a big deal and I see in a prior response its done for security reasons. But it is one more feature lost. Is it related to your new subscription model where a hacker could auto fill if they gain access to your server? I am still on V6 because I prefer standalone, but can't find out how to upgrade my standalone version on my IMAC or my IPhones. Can you advise on that? I love 1P but do have some misgivings about the subscription model. It seems counter intuitive in todays hacker enviroment to trust all my passwords to the server in the sky......! But I still love 1P.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Yes thanks. the message is gone now when I use 1P to log in. But so is the ability for 1Password to actually log in!! Not a big deal and I see in a prior response its done for security reasons. But it is one more feature lost.

    @jcminnesota: I hear you. But on the plus side, malicious apps won't be able to send keystrokes either. And 1Password can usually focus the password field after filling, so a quick tap of Return will login you in in most cases. :)

    Is it related to your new subscription model where a hacker could auto fill if they gain access to your server?

    Nope! But that's a great question. In fact, 1Password.com account credentials are never transmitted to the server, so only the user ever has them. :)

    I am still on V6 because I prefer standalone, but can't find out how to upgrade my standalone version on my IMAC or my IPhones. Can you advise on that? I love 1P but do have some misgivings about the subscription model. It seems counter intuitive in todays hacker enviroment to trust all my passwords to the server in the sky......! But I still love 1P.

    Absolutely. I think my answer about will help, and if you have any other questions let me know. But suffice to say that while "standalone" using local vaults is by no means insecure, we've gone even farther to up the security for 1Password.com accounts since we need to make sure that we're not in a position for an attacker to use us to get to 1Password users. So definitely check it out and let us know if you have any question about it:

    https://support.1password.com/why-membership/

    However, if you'd still prefer to stick with "standalone", you just need to install version 7, select the license option to use your existing data, and then purchase a license right in the app. You can find out more about what's new here:

    1Password 7 for Mac: The Best Ever

    And we're here if you need us. :)

  • jcminnesota
    jcminnesota
    Community Member

    Thanks. As for the subscription I have no problem with paying the monthy fee and understand that you all want a more predictable income flow. And a benefit to us is that it helps support the 1P infrastructure and quality staff such as yourself. I do wish I could actually talk to a live person when needed however. An email takes days for response (now going on a week). But my main concern with the subscription model relates to security and I do not fully understand how/why all my passwords on a remote server will be safer from hackers. I have read your FAQ's etc but still don't quite understand what it all means. Sorry, but I am not a millennial (X2 actually!) I do see that there is a new "security key" feature if I get the subscription that apparently resides only on my devices-----and not on your server. Is that correct? Do I have to enter that everytime I access 1P in addition to my user name and master password? Also what protects the security key from hackers on my device? Sorry to be so clueless but I also need more reassurance that its safe....or safer than what I have now.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Thanks. As for the subscription I have no problem with paying the monthy fee and understand that you all want a more predictable income flow. And a benefit to us is that it helps support the 1P infrastructure and quality staff such as yourself. I do wish I could actually talk to a live person when needed however. An email takes days for response (now going on a week).

    @jcminnesota: Ah, thanks for the kind words, but I'm sorry. That's my fault. I didn't think i made sense to reply to you in email as well, but if you prefer that we can continue the conversation there.

    But my main concern with the subscription model relates to security and I do not fully understand how/why all my passwords on a remote server will be safer from hackers. I have read your FAQ's etc but still don't quite understand what it all means. Sorry, but I am not a millennial (X2 actually!) I do see that there is a new "security key" feature if I get the subscription that apparently resides only on my devices-----and not on your server. Is that correct? Do I have to enter that everytime I access 1P in addition to my user name and master password? Also what protects the security key from hackers on my device? Sorry to be so clueless but I also need more reassurance that its safe....or safer than what I have now.

    Great questions! Indeed, the Secret Key is a 128-bit, randomly-generated code that is created locally on your device when you setup your account. Like the Master Password, it's absolutely never transmitted to us, and both are used to encrypt the data. So even if someone breaks into our server and steals the encrypted data, they won't have the "keys" to decrypt it; only you will.

    You're right that someone with access to your device could probably get your Secret Key from there, and then they'd "only" need your Master Password...but that's no different than the situation you'd have been in before 1Password.com accounts if someone got your device. The purpose of the Secret Key is to protect against someone stealing from us, since we know we'll be a more interesting target now. So it was important to us to ensure that what we have cannot be used to get at our customers' data. And since both are needed to decrypt the data, the attacker cannot brute force your Master Password; they'll also need to guess the Secret Key at the same time.

    Getting back to your earlier question, the Secret Key needs to be entered to authorize a device initially — say, signing into 1Password.com in your browser the first time. After that, you can unlock using the Master Password, more like you're accustomed to. I hope this helps. Be sure to let me know if you have any other questions! :)

  • jcminnesota
    jcminnesota
    Community Member

    Thanks for the responses Brenty. I don't need a response to my email. I do have one more question. I currently have my computer set up for a time machine backup to ICloud. Is my 1P data copied to iCloud? If I switch to the subscription will my 1P data still be copied to the ICloud servers? (And not have the benefit of the Secret Key to protect it?) This is my last question......for now! I do appreciate the customer support.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @jcminnesota: Hey, more questions are always welcome. :) Anyway, 1Password.com accounts don't use 3rd party sync services at all. So you'd only be able to sync a local vault with iCloud, and those are quite separate from 1Password.com, and we don't recommend using both because of the confusion that can cause. That said, setting up a 1Password.com account will not remove existing data from iCloud that you already have there. You can delete it after migrating to 1Password.com, but better to do that and be sure you're good to go first. :)

This discussion has been closed.