How can I stop 1Password X from asking me to "Click OK to fill your 1Password item on..."?

1356

Comments

  • Hey @uliphant:

    Thanks for adding your feedback here. As Yaron mentioned above, this is a security measure to prevent a malicious site from clickjacking you. However, I'll make sure your feedback is noted internally for in the future. Thanks!

    Jack

  • atmasphere
    atmasphere
    Community Member
    edited December 2021

    I’d like to add yet another vote to have a preference and accept the risk. I hate the confirmation every time. It’s particularly awful on mobile … at least I can hit enter on the keyboard on desktop but would prefer ONE toggle to accept and move on. Please!

    Even signing up on this very web site required two different confirmations to fill in information. WTF. Please fix this.

  • verdi1987
    verdi1987
    Community Member

    I've been annoyed by this feature for months, but today I reached my limit to the point of commenting here.

    This obtrusive prompt pops up in irrelevant fields (fields not actually fillable by 1Password) and displays even when I simply click into a field.

    We should be given an option to disable this prompt. It's never worked to my benefit.

  • ag_yaron
    ag_yaron
    1Password Alumni
    edited December 2021

    Thanks for chiming in and providing additional feedback @verdi1987 ! :+1:

    ref: dev/core/core#761

  • philip_sf
    philip_sf
    Community Member

    +1.

    I've been using 1pasword for a decade, and this is the first time I've been compelled to visit the forums. The new UI/workflow is driving me bonkers. The prompt is just one of the items irking me.

    It feels like 1password is taking over the page, whereas before it was less intrusive. The 1password menu that appears under form fields will display a prompt that instructs the user to unlock 1password. That little popup feels like it would be awfully easy to spoof. Plus the 1password form field suggestions often obscure the browser's own autofill suggestions.

    I really liked 1password before these changes, and am pretty unsatisfied now.

    I've invested a lot of time in 1password over the years, so I won't threaten to leave like some others have, but dang this is frustrating. I'm much less likely to recommend 1password to others with the current UI/workflows.

  • verdi1987
    verdi1987
    Community Member

    @philip_sf, if you are using Safari, you can disable the inline menu in Preferences > Browsers > “Show inline menu in Safari.” That’s on Mac v7. You may also want to disable the Autosave setting.

  • philip_sf
    philip_sf
    Community Member

    Thanks, but I don't use desktop Safari. I noticed the settings provide the inline menu options for Safari, and only Safari. It's odd the other browsers are represented there, esp considering their market share.

    Don't want to hijack this thread... just wanted to add my 2¢ about the current state of 1password.

  • ag_ana
    ag_ana
    1Password Alumni

    @philip_sf:

    If you use another browser, you can find the same option in the extension's settings in Chrome or Firefox:

  • philip_sf
    philip_sf
    Community Member

    That's very helpful, thanks!

    The 1password lock icon still appears in the field, though. In some cases, it covers icons that the site displays in the same field, such as the eye icon on this site:

    My preference is that 1password doesn't insert any UI elements into the page at all (the way it used to be).

  • ag_ana
    ag_ana
    1Password Alumni

    @philip_sf:

    My preference is that 1password doesn't insert any UI elements into the page at all (the way it used to be).

    If that is your preference, have you considered reverting to the old classic extension?

    Get the 1Password classic extension

  • philip_sf
    philip_sf
    Community Member

    Thanks, I might just do that. I strongly prefer the older UI and workflow. My only concern is whether the classic extension will be supported moving forward. Do you happen to know? It would be great if the new extension would support a 'classic' mode.

    It's funny, I had both the old and new extensions installed in Firefox for months and didn't realize it because the icon for the new extension was hidden by Firefox. Not sure how i wound up with two extensions. I suppose it happened during a 1password upgrade at some point. As you can imagine, having both extensions installed and active caused weird issues. For example, clicking the Autofill button in the 1password extension prompt would always open a new browser tab, instead of filling in the fields on the existing page. Once I realized there were two 1password extensions installed, I removed the old one and everything worked as expected.

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @philip_sf .

    If you turn off the "Offer to fill and save passwords" option as well (as shown in ag_ana's screenshot), it will remove 1Password's UI elements altogether from webpages. To save a login page you can right-click the 1Password extension icon and select "Save Login".

    Having both extensions indeed causes some side effects, such as opening new tabs when using open & fill.

  • philip_sf
    philip_sf
    Community Member

    Thanks, I will give it a try!

  • ag_yaron
    ag_yaron
    1Password Alumni

    :chuffed: :+1:

  • derekbrown
    derekbrown
    Community Member

    +1 to allowing me to turn off the "OK" confirmation dialog.

    Couple ideas for your product team to maintain the "security-first" culture of 1P:

    • Default the "OK" confirmation dialog to on, and force users to opt-out.
    • Allow this to be configurable on a per-vault basis. Maybe I don't care if my identity (address, phone, etc) is click-jacked, but I do care about credit card numbers. Et cetera.

    Either way, the current interaction and defaults are dumb. I'm currently on the six-month trial.
    If this isn't changed, I'll look for another solution as well as the others in this thread.

    I need a partner in security, not a babysitter, and I suspect most of your userbase feels the same.

  • verdi1987
    verdi1987
    Community Member
    edited January 2022

    One really frustrating thing about how it’s implemented is that even if you click OK for one field you have to do the same for every field on the page. It’s enraging.

  • Thanks for chiming in @derekbrown & @verdi1987! I'll be sure to add your voice to to this for our development team. Hopefully we'll be able to make some positive changes to this in a future release!

  • jefftwalls
    jefftwalls
    Community Member

    Hi, also very frustrated by this. I don't want to turn off autofill, as autofill is crucial functionality for me. I just don't want a redundant pop-up message popping up every field when I'm filling in information. The purported reason of preventing some accidental autofill seems odd, because the downside of firing that pop-up every time to all users is wildly out of line with the upside of preventing what would be a rare and unlikely user error where they auto-fill information they don't mean to and then hit submit before noticing.

    1pass is good in many ways but there's no way I'd recommend it to anyone until this is fixed. Incredibly annoying. This plus the weird, confusing double browser extension (which looks very sketchy to new users, by the way) makes me have some pretty significant doubts about the product and engineering process at the company. If both of these things got implemented without someone pushing back then it doesn't bode well for future maintenance.

  • Hey @jefftwalls:

    Thanks for your feedback here, we're always investigating making 1Password smoother and easier to use for everyone, so I've made sure that your feedback has been brought up internally.

    Jack

  • rale09
    rale09
    Community Member

    Hi, just came here to say that I too am going to cancel my subscription and switch to a different password manager because of this "OK" confirmation issue from the inline menu.

  • bcemail
    bcemail
    Community Member

    Well, searched for a solution and landed here. Looks like people have been complaining for 2 years now so doesn't seem like a change is coming. But I'll add my voice to say how annoying the OK popup is. Please change it. Even if I have to opt out or something. No other browser etc with fillable fields makes you select what you want to fill and then asks if you're sure that's what you want to do. Please fix this.

  • petecurley
    petecurley
    Community Member

    Hey 1Password Team! Thanks for all the work you guys do, it really is appreciated. Don't mind the grumps on this thread, their grumpiness comes from a place of love. It can be very frustrating when a product you love comes so close to perfection...except for one teeny thing. I've run a few startups so this feedback is all meant to be helpful. No worries if it isn't!

    My experience today:

    • I use 1Password to autofill web forms ~20x per day (yep, I counted!)
    • I click the 1Password icon on the right side of the form to trigger the autofill
    • I click "Open 1Password" when prompted
    • I scan my fingerprint to verify my identity and unlock 1Password when prompted
    • I click the 1Password icon again on the right side of the menu and select my email address to autofill
    • I get this confirmation menu and become irrationally enraged, taking me out of the flow of whatever I was doing forcing me to evaluate my password management provider. Yes, this happens every single time.
    • Repeat 20x per day
    • That's 7,300x per year that I think to myself "goddamnitmotherf*cking 1Password, of course I want you to autofill! I just took like 4 specific actions and scanned a body part. What additional confirmation could you possibly need!?"

    Jack from your team stated that the reason 1Password has this confirmation step is due to "clickjacking", which I believe. I know it's always different when you're on the builder side of the equation and need to protect users from themselves.

    Unfortunately for you guys, as a 30-year internet veteran and silicon valley tech jerk, I have never heard of clickjacking, which means I don't care about it, which means I'm not concerned about it, which means I'm completely unable to sympathize with this as a reason, regardless of how the legitimate the reason is from your company's risk perspective. Currently, I take zero preventative steps in my life to mitigate clickjacking, and that will probably never change.

    I think the question your team should be asking is NOT:

    • Is it worth forcing an annoyance upon millions of users so we as a company can mitigate our risk and reduce customer security while increasing our support load?

    I believe the more accurate question you should be asking IS:

    • Do we want our millions of users thinking "Motherf*cking 1Password I hate you and want to throw into the volcano" over 7,000 times per year?

    That's the actual choice being made here. I hope this is all helpful! Thanks team!

  • verdi1987
    verdi1987
    Community Member

    @petecurly, I love your post.

  • zobocop
    zobocop
    Community Member
    edited February 2022

    Also commenting here with the same gripe as everyone else. The 'click ok to enter' popup is infuriating, particularly on a phone. Can't believe this has been going on for years without any change. Sadly I'm quite invested in 1P now as I paid for a $125 giftcard with aim of continuously using a yearly membership, and also spent considerable time copying all my passwords out of chrome and changing them all. I guess it makes it easy to export the database to a new password manager once my subscription is over. If the devs don't change the behaviour after 2 years of complaints, they clearly aren't that bothered about what we have to say. Will not be recommending 1P to others.

  • [Deleted User]
    [Deleted User]
    Community Member
    edited February 2022

    I just wanted to say this drives me crazy too!

  • SpencerT
    SpencerT
    Community Member

    Made this account just to add another voice.
    1Password is generally so seamless that I don't think about it. So when this popup bothers me, it's all I remember. I don't think "1Password is really helpful! This one part of it is annoying, but it's still worth the money". I think "1Password is that infuriating program that can't even implement autofill properly! Am I seriously paying for this?"

    People will not be satisfied with the answer that it is a security feature. They will think "they don't require this to fill in the login, so either it doesn't increase security or the developers aren't smart enough to put a security feature on actual passwords". I understand why the prompt isn't used for logins - they are tied to the url, and a website stealing your login to the website itself is pointless while identities are used across many websites. But many users won't think that much about it.

    As a programmer, I understand developers feeling attached to features they spent lots of time and effort on. It feels like an insult to your time and skill when users won't use them. You spent all that time on the feature, so the user should appreciate it. But that's just the sunken costs fallacy speaking. A feature that drives users to avoid that part of the program is a bad feature. The time spent on development wasn't all lost though - you learned how not to implement future features. But that time was only well spent if you acknowledge the reality of how users respond to design decisions.

    Here's an idea on how to not throw away that work while making 1Password a better product:
    Make it optional for each field.

    Let me put a failsafe on only my credit card. Someone more cautious than me may want to have the failsafe on their address, but I don't. You can please both of us by letting us decide how to use the program we paid you for.

    Here's how you could implement it without it breaking the existing flow of the program:

    • Show a small checkbox to the left of each field name for "use failsafe"
    • I say the field name, because the option is only relevant in the context of 1Password. It's more similar to the field name than the value.
    • It should be on the left, because putting it on the right creates the risk of a user clicking the delete button by mistake.
    • Give it an intuitive icon, like a shield, so screen space isn't wasted by a text description.
    • Attach a tooltip to it explaining its purpose.
  • jimjenkins5
    jimjenkins5
    Community Member
    edited February 2022

    I really don't understand how, after a full 2 years of users complaining about this, you can't just add a simple preference option to turn this off.

  • zobocop
    zobocop
    Community Member

    I kind of miss the chrome password manager now :p I'm already logged in, why do I need to authenticate EVERYTHING! Although I understand this can be useful when someone else is using your device. For example, to prevent kids from 'accidentally' buying themselves more toys.

  • Hey folks,

    Thanks for your feedback on this (especially your meme @petecurley! 😁). While I'm not in a position to be promising anything, this is something we're taking seriously and continually evaluating as we work to make 1Password better. We wouldn't be here without the great feedback our users provide to us, so it's greatly appreciated, and hopefully in the future we can improve the state of play here.

    Jack

  • petecurley
    petecurley
    Community Member

    You're welcome, Jack! And thank YOU for the kind words.

    Now back to business.

    We are a peaceful people, but we will not rest until we have achieved unnecessary-dialog-box justice. The sweetest of justices.

    I will post one meme per day until our humble requests are met.


This discussion has been closed.