Bug: One time password clipboard restore fails if login is attempted more than once

Options
albus522
albus522
Community Member

If you need to trigger filling in the login form a second time before the clipboard has been restored, one password does not detect that it already has saved the clipboard contents and instead saves the copied one time password and restores that after the timeout.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Lars
    Lars
    1Password Alumni
    Options

    Hi @albus522 -- yes, that would make sense. The TOTP feature was designed to copy your one-time password to the clipboard long enough for you to be able to paste that into wherever you need it, after which it restores your clipboard's previous contents. I'm curious, though - what specific site do you need to paste a TOTP twice, and what specific steps are you taking to do this? I just tried to replicate what I think you're saying, without success. Can you elaborate a bit on the specific steps? Thanks.

  • albus522
    albus522
    Community Member
    Options

    No, I do not need to copy the TOTP twice. Filling in the login fails a lot with the helper, so having to do the operation multiple times is pretty common. So go to a login page, trigger filling in the login, a TOTP is now in the clipboard, but the fill in fails, so trigger the fill in again, the TOTP copy has now occurred again, but now when it restores the clipboard it will restore the TOTP it copied on the first fill in failure. Your original clipboard is gone. The app should recognize that it already has a clipboard restore operation that it has not completed and not override that with what 1password just put in the clipboard.

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @albus522: I'm not sure how the app could recognize that. It's simply restoring the previous contents of the clipboard after copying the TOTP code — even if the previous contents were another TOTP code. 1Password doesn't (and, arguably, shouldn't) be monitoring your clipboard and trying to manage it otherwise. That said, it's certainly something we can investigate.

    Unfortunately without some basic information you've so far omitted from your posts, it's hard to say what might be going wrong and how we might right it! Please tell me the OS, 1Password, browser, and extension versions you're using, the exact steps you're taking, and what is (or is not) happening the way you expect so we can figure out the best plan of action:

    Find your version

    The more information you can give, the better. And, for example, if you're having trouble filling on a site, it would be helpful to know the URL so we can test it and try to improve 1Password there. Thanks in advance! :)

  • albus522
    albus522
    Community Member
    Options

    This issue is not about the fill in failure which is largely outside 1password's control. This issue is about something fully within 1password's control.
    1password is directly triggering a clipboard restore, correct? 1password should know if it has triggered this clipboard restore yet, correct? Technically it should know this even if not directly triggering it, via the timeout. Assuming both those are correct, 1password should make sure there isn't already a waiting restore before copying the TOTP to the clipboard. Maybe trigger the restore before copying the code. If that isn't within your control, maybe don't do a second copy when you know there is a pending restore. Basically, don't destroy the user's clipboard.

    While the specific version doesn't matter as the client has been doing this for quite a while here you go, OS 10.12.6, 1P 6.8.2, 1P ext 4.6.11.91, Chrome 61.0.3163.100. I believe the same happens on Windows 10 but I don't have that computer in front of me to be 100% sure.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited October 2017
    Options

    @albus522: It's good to know you're using a Mac, and the specific versions can help us determine if this is a regression, so I appreciate you including that information! But, from your description, unless I'm fundamentally misunderstanding, this is working as designed:

    1. You fill a login
    2. 1Password copies the TOTP to the clipboard, saving the previous contents
    3. You fill the login again
    4. 1Password saves the clipboard contents again, now the previous TOTP code, before copying TOTP to clipboard again
    5. (Time passes)
    6. 1Password restores previous clipboard contents (TOTP from step 2)

    That's certainly something we can try to make 1Password smarter about in the future, but it's doing exactly what it's supposed to here. There are also a few different ways we could approach that, and they can all have downsides for users, so it's something we'll need to consider carefully.

    ref: OPM-5354

    The real issue is that you're having to try to fill multiple times in the first place...but there's nothing we can do about that without more information. Certainly in some cases it isn't possible for 1Password to fill properly or at all, but it's something we're constantly working to improve, and that's something that can benefit all 1Password users, not just one particular edge case.

    For example, you're probably not the only person having this problem. If you are, and it's just something specific to your setup, that may be something we can help you resolve. Otherwise, it's important that we do what we can to help with any fundamental filling failure in 1Password.

  • albus522
    albus522
    Community Member
    Options

    Yes you have summarized the issue I care about there. As for form fill ins I suspect 1password bombs most when the on page js pukes. Given I use a couple different variations on ad and tracking blocking extensions, js errors are relatively common. Specifically using uBlock Origin and Adblock Plus. Very tight cookie restrictions also tend to cause issues.

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    Yes you have summarized the issue I care about there.

    Great! I've already brought it up with the team to see if we can come up with a satisfactory solution. :)

    As for form fill ins I suspect 1password bombs most when the on page js pukes.

    It's certainly possible, but we have great folks working on this stuff, so often they are able to find ways of improving it. :chuffed:

    Given I use a couple different variations on ad and tracking blocking extensions, js errors are relatively common. Specifically using uBlock Origin and Adblock Plus. Very tight cookie restrictions also tend to cause issues.

    That's a very good point though. There can be additional unforeseen interactions with Javascript from a bunch of extensions running too. Sometimes disabling them can help...and honestly I don't use other extensions in my profile with 1Password since they often want unrestricted access to the page, which would allow them to see anything filled by 1Password or entered by me.

  • albus522
    albus522
    Community Member
    Options

    One more note. This also breaks in multi-step login forms where you are required to trigger the form fill in multiple times. First for the username then again for the password.

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @albus522: That's an excellent point! I can't say I've ever used a site which had one of those awful multi-page monstrosities and used TOTP, so an example would be great. Often it's possible to squeeze it into a single login item, so that could help in the mean time if that's true in this case.

  • albus522
    albus522
    Community Member
    Options

    @brenty AWS

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    Ah, that makes sense. Indeed, Amazon has switched over to a multi-page login process. Appreciated! :)

  • albus522
    albus522
    Community Member
    Options

    New issue, Login to a page with one time password setup, one time password is copied to the clipboard, highlight and copy some info you wanted, one time password timeout is is reached and blows away what you just copied.

    Can you at least provide a setting to disable this feature? I looked and couldn't find one. This feature is not benefiting me and I am really tired of fighting with it

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @albus522: Hmm. I can't say that I've ever had occasion to copy something new within 30 seconds of logging into a site, but I just tried it and will take you word for it. I say that because I don't have the stable release of 1Password installed. So if that's an issue that's present there, we've already addressed it internally. With recent builds, when I copy text before 1Password restores the clipboard contents, 1Password does not restore the previous clipboard contents at all, preserving the current clipboard state. I've made a note of this as well so we can test for regressions later. Does that sound like it will work for you? :)

  • albus522
    albus522
    Community Member
    Options

    Maybe the upcoming release will make things better, but a setting to turn it off entirely would still be welcome.

  • Lars
    Lars
    1Password Alumni
    Options

    @albus522 - thanks, we'll pass along your wishes. :)

This discussion has been closed.