Website helps (NOT!) by obscuring Username...
MESP (misaves.com) employs a scheme on its login page (secureaccountview.com) that is causing some issues with 1Password.
Evidently, the site allows the user to type in a username but then "cloaks" that username by replacing some characters in the middle of the string with asterisks (so '1Password' becomes '1Pa***ord' after entry). When storing or updating 1P's login entry for the site, the asterisked username is stored instead of the plain-text version, causing loss of the username in 1P's database as well as problems with subsequent site access attempts. It appears that Autofill cannot be used because the site obscures or disguises or hides the name or existence of the Username field so 1P can't find it in order to attempt (and then fail) to fill it properly. The Password field appears to operate normally.
I spoke with the good folks at MESP, but they seem to feel the username "cloaking" is a feature, not a bug. Any workarounds I can try to stitch this thing together and get it to behave? Thanks in advance for any pointers.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hey @williakz – thanks for the detailed report! I want to make sure I'm testing the right extension, so could you let me know which version you're using? We currently have the desktop-dependent extension as well as 1Password X, so that's the main reason I'm asking.
Let me know; I'm here to help.
0 -
I'm sorry, I forgot to fill in the goodies:
1P7 Mac on macOS (both latest non-beta). 1PX Chrome (both latest non-beta). Problem also occurs on macOS with 1PX Firefox (both latest non-beta) as well as on iPad with 1P IOS (both latest non-beta). I don't use or have installed any "desktop app required browser extensions." Also, all browser/cloud password storage/autofilling has been disabled, leaving 1Password in full control.
0 -
No worries, @williakz! Thanks for the additional info. This site definitely doesn't do us any favors by concealing the username and adding a couple extra hidden fields in there. The concealed username is a pretty easy fix by editing the item and replacing the asterisks, but the hidden field is what's giving me the most trouble. I've been able to get the username to fill super briefly, but eventually it no longer fills. :cry: Our best option for consistently filling the username is going to be opening the 1Password X pop-up and dragging the username to the username field. I'll go ahead and get it reported on our side to see if there's anything we can improve, though.
ref: dev/core/core#690
0 -
Thanks a bunch, @kaitlyn. It's starting to dawn on me just what a security jungle you folks have to hack your way through on our behalf. I'll manage with MESP, especially as my need to login is fairly limited. I just thought the issue might be a tasty tidbit to feed the elves.
0
