Ignore specific buttons from triggering 1Password

This video explains: https://www.youtube.com/watch?v=wq-OYRihWZ0

How can I prevent certain elements from triggering 1Password? Or even better, tell 1Password explicitly which fields it should save.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @canfiax,

    Just before we delve into this the fact that 1Password wanted to call the Login item localhost suggests that you might not be a user looking for a solution for a particular site but maybe you're trying to create a page or site and are looking for something that won't trigger this response for possible users of the site. Would I be correct at all? The reason I ask is I want to make sure we're approaching from the right angle as these would be different issues as I'm sure you would agree. Then we can look at what might be done :smile:

  • canfiax
    canfiax
    Community Member

    Exactly.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @canfiax,

    I'd just like to say that as a result of your query I had an interesting conversation about certain aspects of the extension and learned more about the internal workings so thank you :smile:

    The action of clicking the link is something we monitor as it can be one way a site will have the user indicate to log in. When this happens we compare the form as it was loaded to as it is now. The developer noticed the yellow fields meant Safari had filled the two fields. If the fields remain empty then clicking the link shouldn't cause the autosave to fire. You can test this by turning off Safari's AutoFill temporarily and reloading the page. I don't know if even just this snippet of information means the issue isn't as bad as you were worried about as the 1Password Save Login window will only appear if somebody enters information into the fields and then clicks the link.

    I do have a question though, due to how many interesting ways a login page can be designed sometimes we have to get quite general with what can fire the autosave routines. In terms of the hierarchy of elements in the DOM is the sign up here link a child of the Sign In button? This could have some relevance so is of interest.

    The discussion with the developer also resulted in some thoughts on how 1Password could be altered to reduce false positives but this will be something we will need to test. Using our own forum's sign in page though we did manage to have the extension ignore the login fields when we clicked the Sign In with Google button so there's promise here. We just don't want to accidentally not ask to save for a user when it should. I think this shows promise though :smile:

  • canfiax
    canfiax
    Community Member

    Thanks for your answer :) it could be cool with a way to tell 1password not to trigger "save" on specific Dom elements, trough JavaScript or a html tag.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @canfiax,

    The concern we have here is that as long as it isn't abused we can see the usefulness. What happens though if sites start using it because they don't believe their users should be using a password manager? Do we then make the decision that they're wrong and ignore the flag on those sites? I see why it would seem useful to you to help guide 1Password as your motivations are honest but we often have to think more defensively. All of this helps us improve our extension though so thank you!

  • canfiax
    canfiax
    Community Member

    I honestly don't think that would become an issue. Password manager is a tool that helps users gain access to their site. It's a service. They would loose reputation, gain less active users, and so on. Also, people would always be able to manually enter the login if they would.

    In any case, as you mentioned, you could always ignore the flags for certain sites, if it really became an issue.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Greetings @canfiax,

    You might be surprised, banks for example can be quite hostile towards password managers, deploying all sorts of tricks in an attempt to force the customer to type their password. I've never understood it because all that will do in the majority of cases is encourage people to select poor passwords that are easy to remember and type.

    I will pass your thoughts on though.

This discussion has been closed.