Merge Manually Entered Password with Login Information

Eagle1156

Hello,

I frequently manually enter password information into 1Password using the iPhone or Mac desktop app. This entry will just have the title of the site I signed up for, let's say Fandango, the user ID, and the password. I did this without actually logging into the site and just by creating the entry. I will then go to Fandango's site and use my keyboard shortcut to have 1Password log me in automatically. Nothing will autofill and the browser app will open up. I understand the reason it does this is because the log-in website address was not saved into the original password entry I created.

What I'm hoping for though, is that when the browser app pops up and the text cursor goes to "Search Personal Vault" and I type in Fandango, that I click on the Fandango entry that I had previously created (without the website address) and that 1Password automatically fills in the user id and password info stored in the entry AND then adds the log-in website page details so that it can autofill everything next time. This would seem like a fairly standard function to me but I cannot for the life of me figure it out. As far as I can tell, I have to search for the existing Fandango entry, and then cut and copy the user ID and password from 1Password browser app into the website, and then after I successfully login, 1Password then asks to create a brand new entry, creating a duplicate for me.

Am I doing something wrong or is there anything you think that might be able to help me? I hope I was clear enough!

Thank you regardless!

---

1Password Version: 6.8.1
Extension Version: 4.6.9 (Safari)
OS Version: OS X 10.11.6
Sync Type: Whatever is standard

jxpx777

Thanks for your post, @Eagle1156, and welcome to the forums. The behavior you're describing would be tricky to get right because the reason 1Password doesn't work this way is because it compares the website addresses stored with your Logins to the website you're currently viewing and if they don't match, it won't fill into that page. This is part of how 1Password protects you from phishing.

I can indeed see a difference between a Login with no website attached and a Login where the website is present and doesn't match, but I don't think that distinction would be easy to convey to users.

What I would recommend instead is that you copy and paste the URL into the website. Here's how I would do it:

1. Command-L to focus the URL field in Safari
2. Command-C to copy the URL
3. Option-Command-\ to bring up 1Password mini
4. Type Fand to find the Fandango Login
5. (optional) arrow down to the Login if it's not already selected
6. Right arrow to show the details
7. Command-E to Edit the Login
8. Click the website field to focus it.¹
9. Command-V to paste
10. Command-S to save
11. ESC to dismiss the window

At this point, you should be able to use Command-\ to fill the Login. I know this sounds like a lot of steps but once the keyboard interaction is in your fingers, it flies. :chuffed:

I hope that helps as a workaround. Let us know if we can be of further assistance.

--
Jamie Phelps
Code Wrangler @ AgileBits
Fort Worth, Texas

ref: OPM-3909

---

1. There is a bug where tabbing doesn't work to get to the website field because the focus gets stuck along the way so you need to use the mouse for this step. I've added a link to this thread to the bug report as an additional data point. ↩︎

Eagle1156

I really appreciate the reply and your detailed solution and help Jamie. It does seem a little bit like what might be unnecessary overkill for something that seemingly should be standard, but I understand there are reasons for it.

But so that I 100% understand, whenever a password entry is created on a mobile device, the only way to make that password autofill on the site using a Mac with 1Password loaded, is to make sure that the log-in URL of that website has been also added to the password entry in 1Password? And the only way to add that log-in URL is by manually typing it into the password entry or by manually cutting and copying it?

I am not a programmer and respect what programmers do immensely, but I'm not quite understanding how being able to point an already saved password in your app to a website that a browser is currently trying to fill, and then to automatically save that log-in information in the saved password entry, leads to a major phishing issue?

Thank you either way for the help however! I will be following your instructions in the future.

AGAlumB

I really appreciate the reply and your detailed solution and help Jamie. It does seem a little bit like what might be unnecessary overkill for something that seemingly should be standard, but I understand there are reasons for it.

@Eagle1156: I hear you. In a perfect world, we could have it both ways. But we really want phishing protection to be the standard for a security app like 1Password.

But so that I 100% understand, whenever a password entry is created on a mobile device, the only way to make that password autofill on the site using a Mac with 1Password loaded, is to make sure that the log-in URL of that website has been also added to the password entry in 1Password?

1Password cannot match logins to websites without URLs. If we match based on the name/title, phishing sites will pretty much always be named like the site they're impersonating.

And the only way to add that log-in URL is by manually typing it into the password entry or by manually cutting and copying it?

You could type it manually, copy and paste from the address bar when visiting the site, or use 1Password in your browser to save the login.

I am not a programmer and respect what programmers do immensely, but I'm not quite understanding how being able to point an already saved password in your app to a website that a browser is currently trying to fill, and then to automatically save that log-in information in the saved password entry, leads to a major phishing issue?

When following a link to paypaI.com and prompted to login, most people will try to fill a login for PayPal...but the URL I referenced at the beginning doesn't have an L in it; it's paypaI.com with a capital i. That's a bit of a cheesy example since there are even more effective ways to do something like this, but hopefully it illustrates the point. 1Password won't fill a paypal.com login at paypai.com, and that protects both less technical users, those of us just not paying attention, and even someone otherwise vigilant who would not be able to tell by looking that a site is an impostor.

Thank you either way for the help however! I will be following your instructions in the future.

No problem! We're always here if you have any other questions. Have a great weekend! :)