No fill option, only open & fill

danrockstone

I am using the chrome app on my macbook pro. When I am on a page where I want to fill certain credentials I don't have an option to do so, I always have to painstakingly copy the username, then copy the password, with 1password closing in between.

The only option is to Open & Fill, wich will open the site I originally saved the credentials with.

Since I am a developer and constantly adding new staging environments, locally and remote for my projects, I often have to use the same credentials on different sites. I am aware that I could add all these sites to all the credentials associated with them, but that seems like a hassle.

When I am on a page with password fields, and I open 1password and search for specific credentials, my intent is clear. I can't imagine there isn't a way to do this, so please let me know how I can fill the current page with whatever credentials I have searched for.

Kind regards
Daniel

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Fill

Ben

Hi @danrockstone,

1Password intentionally does not do that. I understand that desire but there are good reasons why we don't (largely to help prevent phishing). In order for 1Password to fill credentials into a site the domain of the page you're viewing must match one of the website fields on the login item. For example, to fill a login item on this page you'd have to have agilebits.com saved in one of the website fields on that login. You can specify multiple website fields on a login if needed.

The idea is to prevent you from, for example, accidentally filling your 1password.com (one password dot com; us) credentials on lpassword.com (L password dot com; potential phishing attempt). Visually they look the same, and someone could easily be fooled into handing over their credentials. If we allowed arbitrary filling, without doing any address matching, there would be nothing stopping this. Now of course you could argue that we're not really stopping it because you're just going to copy & paste the credentials anyway. The point is that 1Password not filling should be a red flag indicating to the user that they should verify they are where they think they are.

This isn't a protection that we're willing to consider removing, but we're certainly open to ideas as to how we might be able to help folks running into the situation you find yourself in. Do you have any thoughts as to how we could make this experience better for developers such as yourself without removing important protections?

Ben

danrockstone

Hello Ben,

thank you for taking the time to explain this to me. I can certainly see you concerns.

I think a good solution might be to have the button as a combobox (I have seen this referred to as a split button also), where the default action is always open & fill on pages not associated with the selected credentials, and only when opening the dropdown can we fill the current page, maybe even with a little indicator that the current page is not associated with the selected credentials.

Although I am not sure how that would fit with your design, a quick way to enter any credentials on any page would certainly make my life a lot easier.

Kind regards
Daniel

AGAlumB

@danrockstone: Mmm Combo box...

Ah, sorry, got distracted!

Anyway, we really don't want to offer an option that helps someone give sensitive information to the wrong site, because a lot of people will use it and fall prey to phishing attacks like Ben mentioned. Put another way, the design could certainly work, but we've intentionally avoided doing anything like that because the risks are much greater than the inconvenience of needing to copy and paste occasionally. If that makes the user stop and think about where they're pasting before they do it, that's a good thing. I am totally okay with people getting a little bit mad at us for making them do that if it means fewer people filling their PayPal.com login credentials into PayPa1.com.

And of course if you do find yourself frequently needing to copy and paste login credentials fro one site into another, you can always add multiple URLs to that Login item. That means you're deliberately allowing 1Password to fill there, and that doesn't hurt anybody. Cheers! :)