1Password doesn't work on iPad on chase.com
The 1Passwoed extension does not work in Safari for iPad at this website:
https://www.chase.com
We created & saved our login on Mac, but it never works on iPad. It will not autofill our login credentials. In fact, the 1Password extension typically unexpectedly quits altogether when trying to autofill on this particular website... 1Password gives us an error message about us needing to force quit the "host application"... which we do, but still no change in behavior after force quitting and relaunching Safari for iPad.
1Password Version: 6.8
Extension Version: Not Provided
OS Version: iOS 10.3.3 (iPad)
Sync Type: Dropbox
Comments
-
@scotty321: Chase has become rather picky over time, and it insists on sending you to their mobile site, which uses a format 1Password cannot save or fill — iOS does not allow access to iframes. There are only two workarounds to this, and the first one is a pain:
- Use a device/browser/useragent that allows you to access the desktop site (not always possible, and always a hassle)
- Use their mobile app instead of their website to get around this
Unfortunately this will not change unless they update their site to use modern web standards, or Apple changes Safari (all browser on iOS use its engine) to allow filling into what is arguably not a safe place (since the user cannot tell where the login form in the iframe originates). It really seems like they just want us to use their mobile app though. :(
0 -
lol well, I've had worse banks, but yeah their website is not among my favourites. Sorry I didn't have better news for you this time, but we're here if you need anything else. :blush:
0 -
Sorry, but I have to disagree with you. There are many, many web sites that use iFrames. It is just as "modern" as flat signon pages, if not more so.
Can you please explain why 1Password just fails 100% of the time on all of them? This has been a known problem in 1Password for at least a year.
When can your loyal users expect a fix?
0 -
Until improvements are made in iOS we cannot/will not change this. We have requests open with Apple to give us the same protections and facilities on iOS that they give on Mac. Currently these protections do not exist on iOS, and as such we have no safe way (sandbox) to run our scripts inside of iframes.
Having the scripts not be sandboxed is problematic because it means, for instance, a malware ad on a site could attempt to replace our scripts with their own and attempt (perhaps successfully) to intercept your credentials.
It is an unacceptable risk.
Ben
0 -
Thank you, Ben.
So there is a "sandbox" that makes iFrames more secure in MacOS?
Because I understand from others at Agilebits that the problem does not exist for the Mac version of 1Password. Is that right?
Can you suggest a workaround on iOS other than opening 1Password in a different window and copying and pasting? But the problem would still exist in that case, based on what you say in your post, would it not?
How do you suppose Apple's Keychain gets around the vulnerability you reference? Hooks that are privy only to Apple? Or perhaps they don't?
0 -
So there is a "sandbox" that makes iFrames more secure in MacOS?
Correct.
Because I understand from others at Agilebits that the problem does not exist for the Mac version of 1Password. Is that right?
Yes, that is right.
Can you suggest a workaround on iOS other than opening 1Password in a different window and copying and pasting? But the problem would still exist in that case, based on what you say in your post, would it not?
Opening another browser window is not necessary. The procedure scotty321 outlined is what I do as well.
How do you suppose Apple's Keychain gets around the vulnerability you reference? Hooks that are privy only to Apple? Or perhaps they don't?
I don't have any insight into how Apple themselves handle this. Either of the possibilities you mentioned could be the case.
Ben
0 -
I actually like chase
https://chaseonline.chase.com/Logon.aspx
This link use to work, doesn't now :(0 -
So this link works still on my iPad, but not my iPhone. I went on this link, and 1Password autofilled everything for me
https://chaseonline.chase.com/Logon.aspx0 -
Just to clarify for anyone else in the future, as a Chase customer encountering this myself, I've noticed that they're just serving different versions of the page based on the device/browser, so the iframes login form referenced above is only an issue on phones (as far as I've seen). Computers and tablets seem to get a "desktop" version of their site which doesn't use these at all. For now copy and paste works on an iPhone at least until Apple makes it feasible to have 1Password fill in that particular scenario.
0
