Request: Disable auto-save per page vs. domain

mnadig

My bank directs me to a 2fa pin page after providing my credentials. Once I enter the pin, 1password is prompting to save/update my password. I would like to "never prompt" for just that page, not the domain, since I do want 1password to save any change to my password.

---

1Password Version: 7
Extension Version: 4.7.0.90
OS Version: Windows 10
Sync Type: Local

MikeT

Hi @mnadig,

Thanks for requesting this.

We'll pass it on to our extension team, what we can do is detect if it is 2FA form and see if we can ignore it. We do want to support filling 2FA automatically too in a future update.

Would it be possible to know which bank it is, in case someone on our team has an account and we can study the process.

mnadig

Hi @MikeT . Thank you. I'm not sure how you would detect a 2FA form generically. In my case I don't think 1password could/should handle 2FA automatically since the bank is requesting a unique code it sent me via SMS, Email or in their specific mobile app . Bank is USAA.

Allowing page along with domain in "don't prompt" seems pretty a straightforward first step :)

Kudos to you and the team. I really have been enjoying 1password7 on my windows box, coming from 1password4 - whilst having 1password6 on my mac and iphone. (locall vaults)

MikeT

Hi @mnadig,

Thank you. I'm not sure how you would detect a 2FA form generically. In my case I don't think 1password could/should handle 2FA automatically since the bank is requesting a unique code it sent me via SMS, Email or in their specific mobile app . Bank is USAA.

1Password supports being a two-factor authenticator for most sites, it can fill it if the saved Login item stores it. If it doesn't, the extension can learn from the site it's on and see if it has hints of 2FA with 6-8 digits requested which is the standard for 2FA and ignore it completely.

Allowing page along with domain in "don't prompt" seems pretty a straightforward first step :)

It always seem like it but but internally, the code is far more complex. Most of our internal logic deals with domain only, the 1Password extension sends the domain to 1Password's background process to look for a list of Login items that match the domain, process that list and see if it is to be "ignored", "updated", etc. and then it does more processing based on several algorithms before it sends the useful data back to the extension. Adding the page to that complex process requires modifying everything from the top to the bottom because we have to say "skip if it is on this specific page when it matches this domain first".

mnadig

:thumbsup:

MikeT

👍 It's +1 for the thumb up.