autofill does not work at The Economist
autofill is failing for me at www.economist.com when using the "Login or sign up" menu at the top right. 1PasswordX fills in the password, but as soon as I hit tab or return or click on the login box, the site clears the password. I suspect another one of those sites that is looking for keypress events... *sigh.
1Password Version: N/A
Extension Version: 1.6.2
OS Version: Linux; Chrome 66.0.3359.66
Sync Type: Not Provided
Comments
-
Sigh is right! Sorry to agree with you there but I’ve spent hours trying to get The Economist to fill properly and it’s simlly a disaster. I’m not sure what their developers were thinking. It’s like they are actively preventing password managers from filling.
Sadly there is simply no way we can fill this site in its current state. 😢
0 -
There are security people out there who have decided that autofilled passwords are evil and must be banned. They're insane, but they're out there. :(. Thanks for the update!
0 -
@haraldwithtwoehs: I don't think I'd go so far as to say "evil", but we've long recommended disabling browser autofill, not only because of security and privacy concerns, but also usability and data loss. Often people think they have something saved in 1Password, but it's actually in the browser. So backing up their 1Password data will not save that for them. There are a lot of considerations. :blush:
0 -
There's a big difference between 1Password recommending that I disable browser autofill, and websites disallowing all autofill. The former leads to better security, while the latter leads to weak, re-used passwords (exactly the thing we're all trying to avoid these days).
On the other hand, I don't think it's malicious; it's just web pages built by developers who don't use a password manager and don't know any better :)
0 -
There's a big difference between 1Password recommending that I disable browser autofill, and websites disallowing all autofill. The former leads to better security, while the latter leads to weak, re-used passwords (exactly the thing we're all trying to avoid these days).
@haraldwithtwoehs: Ah, agreed. I misunderstood your last comment. Sorry about that. :(
On the other hand, I don't think it's malicious; it's just web pages built by developers who don't use a password manager and don't know any better :)
I think you're right. I don't actually know of anything like the old NIST recommendations which apply specifically to password managers or other automated mechanisms, but it does seem like it may be in a similar vein: rote "security" policy adoption, rather than considering the actual costs and benefits. Or, on the other hand, this may just be an attempt to thwart automated password guessing...but while we play by the rules, I suspect that malicious attackers don't and have plenty of ways around this anyway since they could just send requests to the server without even bothering with the web page. Ah well. As much as this stuff can be a bit of a downer, I've generally seen things getting better over time. It just takes longer than any of us wish it did. :lol:
0