Better autofill solution

Hello,

i have been using LastPass for couple years now and i feel the need for a change. I am checking out couple password managers including 1Password, i can say that i really love the fact that i can create different vaults and also that i can use a family vault, though there is something that i really think that 1Password is years behind, that is browser auto fill in...

Are there any plans for better autofill in? For example, LastPass has that icon next to each field, that is really fast to click and login, Dashlane pops up a box when i click the username box and when i register when i click on the Password field to type, there is a popup from Dashlane that says "Generate Password". This helps a lot with productivity, its much faster than moving your mouse to the browser extension and click on it to login or do the same for generating a password...especially on Windows you have to click on another tab (!)

I like how 1Password looks this is why i want to pay a subscription for it. But these features i feel that are very crusial that improve your productivity! Are there any plans about these?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • jxpx777
    jxpx777
    1Password Alumni

    Thanks for your post, @gmaister22. I lead our browser extensions team, and saving and filling is something we work quite hard at, so I'm always keen to see how we can improve. :smile:

    First, are you having issues with the actual results of filling or is it more of a convenience thing? Convenience is important for sure, but I want to make sure I am understanding the friction properly. If you are a keyboard-centric user, the 1Password keyboard shortcuts should provide faster access to your 1Password data. For instance, on my Mac, I almost never use the button in my browser. I fill with Command-\. I bring up 1Password mini with Option-Command-\, and I navigate its interface with the arrow keys, up and down to change selection and then right and left arrow to go into and out of menus. For most people, once they get the hang of this, it's much faster to navigate. Perhaps this might help you as well?

    As for adding user interface controls to the page, we have been reluctant to do this because it opens the extension up to security concerns in addition to adding complexity to the extension itself. For instance, the user interface control that gets added to those fields in LastPass was a vector for a security vulnerability Tavis Ormandy of Google's Project Zero reported last year. Our architecture is slightly different to what LastPass does, but any time an extension injects elements into the page and then responds to the user's interactions with those elements, the extension has blurred the boundary between the extension's Javascript and the page. Normally the scripts for an extension run in an "isolated world", sequestered from the scripts that run on the page. This kind of UI interaction pokes little pinholes into that boundary that can lead to unanticipated issues and a constant whack-a-mole game of edge cases. So far, we have opted for a more conservative approach at the expense of some of these flashier features.

    Beyond that, 1Password handles the user interface differently. LastPass (and I believe Dashlane as well) include user interface elements in their extensions. 1Password doesn't do this and instead all the user interface needs of the extension are served by the native application. The extension tells the native app when and where to display the window, but the look and feel of it is left up to the native app, which makes the experience much nicer on each platform because everything looks more like it belongs.

    Integrating a control to generate a password into the page is indeed something I think we could look at though. I'm not sure what that would look like—we'd have to get our design crackerjacks involved to make it great—but interacting with that particular control would only serve to show the password generator, which you could dismiss easily. Of course, this would require a lot more thought than I have given it off the cuff here to account for edge cases and make sure we can deftly integrate it into the page, but I think it's a reasonable thing to pursue.

    Thanks again for your feedback, and I hope this helps explain some of the design decisions and trade-offs that we're making. Let us know if you have other thoughts or concerns because it's passionate users like you that help us make 1Password better every day.

    --
    Jamie Phelps
    Code Wrangler @ AgileBits
    Fort Worth, Texas

  • gmaister22
    gmaister22
    Community Member
    edited September 2017

    Hello, thanks for the fast response!

    As for logging in i think that it is faster to skip keybinds, skip arrow keys and skip all keys in general! Dashlane for example, when i visit a website, it automatically logs in when i have 1 account for this domain and when i have more than 1, i get a popup to pick which account i want to use, so fast, no keybinds!

    Also for example, when i was using LastPass in particular (Dashlane did not have this feature) and browsing a website, there was a number on the extension displaying how many available accounts exist for this domain, very neat feature. This feature also helps a lot because it displays on the fly without the need of pressing keybinds on every single login page i visit, if i already have an account on this website, VERY useful! On 1Password, in order to verify if i already have an account on this website, i have to press a keybind which is slower! It's about productivity right?!

    AKA, in my homble opinion, the software is great, i like the so many options for logins, even SSH clients etc, the software feels really polished, but, the browser plugins (and of course the Android integretion!) is lacking!

    This Password Generator pop up on Password Fields, should really be added!
    Also another great and useful feature of Dashlane is that i can set couple "usernames" i use most of the time so that when i register on a new website, i get a popup with those nicknames to click, wont even have to type!

  • gmaister22
    gmaister22
    Community Member

    I also noticed that when i click on the password field and use the CTRL + ALT + \ and then select the Password Generator the password that gets generated is not auto inserted on the field, i need to paste it manually, that on Windows 10

  • jxpx777
    jxpx777
    1Password Alumni
    edited September 2017

    Filling automatically on page load is another area that has led to security concerns. We have been commended for the decision not to do this by security researchers. (Look for "manual autofill" in the PDF.) Being able to offer more affordances in the extension is something we want to explore, but as I said, we are very conservative when it comes to this stuff because of the number of ways that things can go in unexpected directions once clever security researchers begin poking around.

  • gmaister22
    gmaister22
    Community Member

    What about the fact that generated password has to be copy pasted in order to get it to the field?! Can't it be added automatically?

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited September 2017

    @gmaister22: That's a limitation of the new Windows app. It won't be automatic, but we'll be adding filling from the password generator in a future release.

  • mathieu_g
    mathieu_g
    1Password Alumni

    @gmaister22 I think that what you're asking for (directly copying the generated password to the field) exists but in the mac version.

  • That is correct, 1Password for Mac will fill empty password fields from in the Password Generator as does 1Password 4 for Windows. 1Password 6 for Windows will eventually acquire this functionality, it's just a matter of time.

This discussion has been closed.