Manual seach not possible with autofill option

Hello

When trying to log on a new site or a site with different domain name, 1Password is not allowing me to search my vault. Instead it only shows option to create a new entry.

Sample example, I have Amazon entries, amazon.com, amazon.de and I want to login amazon.co.uk. There is no option to search vault for other Amazon entries.

Workaround is manually enter additional domain names into existing entry, or create new entry.


1Password Version: 7.3.5
Extension Version: Not Provided
OS Version: iOS 13 Public Beta
Sync Type: Not Provided

Comments

  • BenBen AWS Team

    Team Member

    Hi @Naxterra

    The reason we don't offer search there is because we wouldn't fill there anyway, as an anti-phishing measure. It is designed to give people pause when encountering something like this example scenario:

    1. Search using a search engine for 1Password in an attempt to log in to 1Password.com
    2. Accidentally click on the result for iPassword.com ("eye password dot com") instead
    3. No login items appear because none are saved for iPassword.com.
    4. "I know I have a login item for 1Password.com! I'll just search for it and fill it that way."

    (I don't know what the contents of iPassword.com are but for example's sake lets assume it is a phishing site trying to steal credentials from 1Password users)

    Workaround is manually enter additional domain names into existing entry, or create new entry.

    That is indeed the current solution. We don't want to further enable the sort of phishing attack I described. There have been some discussions internally about how we might be able to continue to warn people (perhaps even more overtly) when they might be encountering phishing while reducing the friction for scenarios like you've described. I can't make any promises at this stage but it is something we're aware of and would like to improve if we can do so in a secure way.

    Thanks for taking the time to write in about this. :)

    Ben

  • Hello

    Thanks for explanation. I did furthermore testing. It works same in Safari and Chrome, no ability to search vault, only create new entry, but when it comes to applications it shows whole vault. Is that intented too?

    Like when I try to login Amazon app or Telekom app, it shows whole vault, not even trying to match entries with apps

  • brentybrenty

    Team Member
    edited August 12

    @Naxterra: That's how iOS Password Autofill works. The app developer is supposed to add "associated domains" to their app, which allows iOS to match it to saved login credentials for Autofill. When they do not though, iOS needs the user to search to find it, as there is no way for iOS to know which is correct otherwise.

    I'm not having that problem with the Amazon app though. Maybe you're using a different one than me, and it hasn't yet been updated with an associated domain.

  • @Ben Thank you for your explanation because I was also confused about this behavior. I understand why it is designed in that way. However, it is undoubtedly inconvenient sometimes, and I am really looking forward to a solution. As you know, it is widespread for some big companies to have several different domains using the same login account.

  • ag_anaag_ana

    Team Member

    @eric_the_red: we are discussing how we can improve this behavior, so that is certainly on our radar ;)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file