Populating a password for a different site than what you're on
One small peeve of mine with 1password is when I'm on a particular site (say Mint) and I need to populate the password of another site (say my bank). There is no easy way to do that. I have to go into the browser plug in or the app itself and find the website and copy it and paste it.
It would be nice to be able to have an additional feature inside the browser field login to be able to search and populate another site's password.
Here is an example of me trying to add my bank to Mint today but I had to go to 1password App to copy the username and password and then go back into the browser.
1Password Version: Newest
Extension Version: Newest
OS Version: MacOS newest
Sync Type: Not Provided
Referrer: forum-search:Populating a password for a different site than what you're on
Comments
-
Greetings @jefftb,
I don't ever see 1Password allowing arbitrary filling of one Login item into another site. Any convenience we could add would only lessen the protection against phishing attempts. For most cases you really do want 1Password to say no.
With that said, there are certain scenarios where you do genuinely want the ability to allow a Login item to fill on two very different domains. 1Password does allow for multiple website fields and as long as a single website field matches the current one it will allow this item to fill.
There is an argument to be made, how is this different but I do genuinely feel that if a user has to edit an item and explicitly add a second domain that it affords time and reason to ask themselves if this is the right thing to do. While the answer may be quite clear for a case like this given how well known Mint is (even I'm aware of it) in general if 1Password isn't offering an expected item we do want the user to question why and whether this is somewhere they want to be filling.
0 -
I see your point. I would prefer to allow the function with a warning.
0 -
@jefftb: We don't have any plans to do that. This is an important protection against phishing attacks. And, like UAC and so many others before, if we added a warning prompt users would quickly learn to blow past it without paying attention. If you're intent on using a password on a site where it doesn't belong, you can always copy and paste. Or, as lil bobby just mentioned, if you do really need to use it at different sites, you can already save multiple URLs in the Login to reflect that, and then 1Password will fill there when you tell it to. We don't want people squirting sensitive data where it they shouldn't accidentally though. That's core to 1Password, and why it never "autofills" without user interaction.
As a point of interest, a while back Mint updated their iOS app so that it has the appropriate URLs associated with accounts when you add them there, so 1Password for iOS (and I imagine iOS 12 now too) will offer to fill Logins that match. Just another way that iOS is a more secure platform than the web, since it has support for safeguards like this built in. We're happy to take advantage of stuff like that where available. Otherwise though, 1Password needs to "fail secure", and err on the side of not enabling risky behaviour. That's why it exists.
0