Filling on obscure Twitter login pop-up

Is this the place where you want people to post about problematic sites? Or is there a place to merely "report" such things without making a public statement and occupying your time responding directly?

With Safari, and with Firefox using the classic extension, if you aren't on the Twitter home page or the Twitter Login page, but are just browsing pages while not logged in, you can click a "Have an account? Login" button in the top right, and it pops down a little window. Very hard to auto-fill it.

You can try CMD+\, but the Twitter pop-down closes, but if you open it again the username did get filled, but I haven't managed to accomplish the same with the password field.

Right-click > 1Password has similar problems.

Meanwhile, when you try to fill the password field, 1Password is left on-screen with the Autofill button enabled, but the pop-down and password field disappear. Seems a bad time to proceed to click the Autofill button. Are there any safeguards, or is there a risk of filling some non-password field? And what are the consequences of that? I suppose there could be many, just as bad as typing a password in the wrong place.

1Password X with Firefox works better for this unusual login. It fills the fields and the Twitter pop-down remains open the whole time.

Anyway, one way you can test this out is just directly go to twitter.com/someonestwittername without first logging in.


1Password Version: 7.3.2
Extension Version: 7.3.2
OS Version: macOS 10.14.6
Sync Type: 1Password

Comments

  • Hey @Tonetony, I'm really sorry for the delay! I was able to reproduce this issue and as it turns out this one is something our devs are aware of. To your first question, yes, this is a great place to let us know about sites that fill problematically, so thanks for letting us know!

    The brain behind 1Password filling is only going to fill in properly designated fields (i.e., a password is filled in a password field), and 1Password also only fills on a website that matches the website stored in a particular item, so there's very little risk here of things filling in a way such that your data is at risk.

    ref: xplatform/filling-issues#593

  • Thanks for the response. Very helpful.

    I've been curious, and one of these days I've been planning to look at some html to see how password fields are identified. I suppose any web sites that handle logins in an entirely non-standard way won't work with password managers unless you set up some specific "rules" for them - which makes sense to do when popular sites are affected.

  • You're welcome! Indeed, behind the scenes in the HTML is usually pretty clear what fields are what, but sometimes sites are developed in "cute" ways that prevent or confuse 1Password from filling, and we do our best to keep up with those (and interpret fields based on a number of different clues), but it's a never-ending battle. In the case of that Twitter pop-up, it's actually labeled in a clear way, so I think our older extension is just interacting with the page in a way that the page interprets as wanting to close the pop-up. Here's what that password field looks like, for example:

    <input type="password" class="text-input" name="session[password]" placeholder="Password" autocomplete="current-password">
    

    Things are actually labeled quite nicely here. :smile:

  • That does give a few hints 8-) . So now I know how those temporary "hints" show up and disappear when you start typing in a field.

  • :glasses: Glad I could enlighten you some. Let us know if you ever have any other problematic sites. Cheers!

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file