secure.sbanken.no saving and filling issues

This discussion was created from comments split from: manual save login doesn't fill form properly.....

Comments

  • Do I understand 1Password crew correctly that the procedure described here:

    https://www.macobserver.com/tmo/article/save-and-fill-online-form-entries-1password

    ..Does not work anymore, that the functionality was removed in order to focus on pure login forms with only a username and password?

    See the login on one of the largest Scandinavian banks:

    https://secure.sbanken.no/Authentication/BankIdMobile

    With the items

        MobilePhone [number]
        BirthDate [number]
    

    correctly stored in 1pass vault under "Web Form Details" if saved manually. - But they are not autofilled no matter how I change their status in the 1pass item, or how I add them as an Identity.

    ...or did I misunderstand something fundamental?

    Because on the 1Password Tour Page https://1password.com/tour/ it is explicitly stated:

    "Our automatic form filler allows you to sign in to your online accounts with a single click, look, or touch."

    ..which the above discussion seems to contradict.

    Please advise,

    hs

  • brentybrenty

    Team Member
    edited May 10

    @haak0nst0rm: I've never seen that article before, but it's dated 2016. It was the case even then that "arbitrary web form" filling wasn't a thing in 1Password, not something that's changed. My only guess is that they tried it in one or two places where it happened to work and assumed that it was meant to, and that it would everywhere -- sort of like when I was a kid and I thought that closing the windows caused it to rain, because it coincided with my mom going around the house closing them to keep it from getting wet inside. :lol:

    Anyway, can you clarify what you think is the contradiction? This discussion is about trying to fill a support request form, while 1Password's filling is meant to help you "sign in to your online accounts", which is not really the same thing at all -- login forms are technically and practically very different from other types of web forms, which is intentional and standardized since it's such a common function on websites.

  • I'm sorry if I hijacked the thread. To add to it: I completely agree with you to keep focusing on authentication and authorization issues and not forms or automation. Most browsers have form filling built-in, and/or extensions or APIs to enable automation. For example, 1p still lacks even basic private/public key handling for e.g. ssh that propably is on the to-do list.

    That said, my issue is right in the middle of 1p core functionality. I'm trying to save the first step of my authentication (login) form to log in to my online bank, sbanken.no. It has a second step, BankID on Mobile, which can't be handled by 1p and that is by design as it's a 2FA solution that requires a smartphone and a BankID connected SIM card. But the first step requires filling in your phone number (for the SIM) and your birth date. This is a job for 1p, It doesn't work today because neither of those two fields are a password field. The forums are filled with a tightly related issue, and that is where logins require more than a UID + PWD to log in, which 1p don't handle, and as I now perhaps understand, don't aim to handle. It's not the end of the world, but people pay 1p to solve logins, and expect 1p crew to at least acknowledge it should be able to handle this and that perhaps state something like "it is work in progress, but no ETA" .

  • brentybrenty

    Team Member

    @haak0nst0rm: Thanks for clarifying! Let's not get too far off topic here. You keep bringing up such interesting things, so maybe creating a new thread for something else would be best. :) But I will say that we've wanted to do something cool with something like GPG for a long time, because it's a neat technology that frankly is usable by almost no one (relatively speaking). Perhaps we'll be able to do something in that area someday. :)

    Regarding the main issue you're describing, I've split this off into a separate discussion so we can focus on that here and now. The bad news is, unless I'm missing something on the site, 1Password is, as you surmise, having trouble saving or filling there because this page does actually not contain a login form at all:

    https://secure.sbanken.no/Authentication/BankIdMobile

    You're 100% right to want to use 1Password to sign in if that's the purpose there, and dang it I wish it could and hope we'll find a way. But as it stands 1Password is designed heavily around web standards, and pages that don't use standard login forms (as you note, there's not even a password field; and it appears that there's only phone number and birthdate fields) are going to tend to be problematic.

    I will file an issue and bring this up with the team to see if there's something we can do to help without breaking 1Password with other things. But if there is an actual login page for the site which you can direct me to that may be useful, for both of us. I disagree that 1Password should be expected to magically know that a page with only phone number and birthday input is for logging into something, but I totally get why you'd want to use 1Password there, and if there's a reasonable way for us to make that happen I think we should. :)

    ref: xplatform/filling-issues#521

  • Settings for Brave Browser and Chrome:

    Settings for Safari:

    Disabling "Addresses and more" in Brave and Chrome:

    • enables 1pass Identities to work
    • disables filling in all other forms (that 1pass refuse to impement, which it should)

    In order for 1pass to be a complete utility for people, form filling should be implemented.
    This way there is a centralized, syncable repotory for forms and fields.
    Forms and fields are not saved haphazardly in every different browser on all platforms.
    This is a core issue many many times complained about in the forums and should be addressed.

    RE: GPG
    You're propably aware of the security issues around GPG/PGP, implementation-wise

  • brentybrenty

    Team Member

    1Password isn't designed as or intended to be "a complete solution"; it's a password manager. Our focus is on making it the best it can be for that purpose. Otherwise it would be "sort of okay" at being "a complete solution", and "sort of okay" at being a password manager. It's possible we may branch out more in the future, but not having unlimited resources, we're going to use them where they matter to us and the vast majority of our users: login filling. Certainly "generic form filling" comes up from time to time, but we're talking once every few months or so; whereas nearly all day every day we're working on login filling based on direct interactions with customers. Thanks for understanding.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file