1Password for iOS can not fill forms based on NemID

The subject almost says it all. NemID is a single sign on system used by all Danish banks and public service services. An example of its usage can be seen here: https://portal4.sydbank.dk/wps/portal/sydbank-dk/NemIDJS

1Password has no problems with this on desktop computers.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Nemid

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @relausen: They're using an inline frame to load another page with the login form inside the page at that URL. It isn't possible for 1Password (or any other extensions) to interact with frames. Safari simply doesn't allow this on iOS, as it's a security risk (the user can't tell the source of the frame). I don't see a way to load the login form directly, so the only way to login there currently would be to copy and paste your login credentials. If they have an iOS app though, I'd encourage you to use that. Often Touch ID is supported, and you can at least verify the source of the thing you're pasting your password into.

  • relausen
    relausen
    Community Member

    Ok, thank you very much for checking it out. The amateur idiots designing the NemID system prevents pasting into the fields - for security! So I'm stuck with typing my password.

    The bank I linked to does have an app with Touch Id support for iPhone, so that specific use case is no big deal - just an example - but the NemID system is used for a lot of services in Denmark that don't have apps. Ironically "NemId" means "Easy Id" :|

    Again: Thank you for looking into this!

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @relausen,

    Hopefully something changes that will mean we can support IFrames on iOS but as you can imagine 1Password, no matter the platform, is dependent on the underlying operating system and the browsers. We're always hopeful and maybe one day a new version of iOS will mean a nice change here :smile:

    Thank you for explaining what NemId is as well as I hadn't heard of it. That's my new piece of information for the day :smile:

  • AGAlumB
    AGAlumB
    1Password Alumni

    Ok, thank you very much for checking it out. The amateur idiots designing the NemID system prevents pasting into the fields - for security! So I'm stuck with typing my password.

    @relausen: That sucks. I think we've all been in that boat at one time or another, and I'm really sorry that you're in this position. :(

    The bank I linked to does have an app with Touch Id support for iPhone, so that specific use case is no big deal - just an example - but the NemID system is used for a lot of services in Denmark that don't have apps.

    Ah, I hear you. Yeah, that's why I recommended trying the app, since most of the banks I've used seem to put more effort into the experience there, often utilizing things like Touch ID. But you're right, that does depend on them having an app in the first place, and not everyone does. So I've got a few thoughts to share there...

    Ironically "NemId" means "Easy Id" :|

    I never would have guessed that from the context. :unamused:

    Again: Thank you for looking into this!

    You're very welcome! I'm just disappointed I couldn't find a way around it. Often in these cases there is. However, there are a few things I want to add that might be of some use to you.

    One thing I can suggest is using 1Password to generate a word-based password if necessary. It won't be as strong as one that is composed of random characters, but a randomly-generated password composed of words is still better than one you and I can make up ourselves and just as easy to type.

    While it may not be any consolation to you right now, folks have had some success in the past lobbying their banks to allow things like copy and paste, and to work better with password managers. We had a blog post a while back about a similar case, and it actually had a happy ending:

    An open letter to banks

    And we've heard from many customers since then that they've sent this to their own banks, some having success. It never hurts to try, and please feel free to borrow from that, link to it, or point them in our direction. If there's anything we can do to help them make it easier for our mutual customers to be more secure online (which ultimately benefits their bottom line too with less fraud and support requests) by using long, strong, unique passwords that no one can reasonably remember or type, we're glad to.

    We offer a 1Password extension for iOS which they could use in their app. It isn't something we can build into other apps ourselves. Their developers will need to add support for it. But otherwise it is necessary to copy and paste or type manually, and that encourages their customers to use weaker passwords. It's no fun doing any of those things, and many people simply won't do it!

    We also have a website devoted to the 1Password extension for developers, so be sure to let them know if you'd like them to add support for it and point them in our direction. We're always happy to help them join the ranks of apps that support the 1Password iOS extension!

    And we have an article on designing compatible websites specifically as well, since that's important not only for security, but for accessibility for those with visual impairments. With good design that enables security and convenience, everybody wins. Cheers! :chuffed:

This discussion has been closed.