Suggestion Alternative Login indentifier required

ianonlineianonline Junior Member
edited July 2010 in 1Password 3 – 6 for Mac
I'm not sure if this has been suggested already but it would really help a lot if users could select an alternative login for sites that use a third party service under their own domain name. For example, Disqus, Blogger, Tumblr, Posterous and Get Satisfaction to name a few, can be embedded or used with a custom domain so that it looks part of the site, but it still requires the login details for the third party service, so identifying the required login from the domain in the address bar does not does not work in this situation.

I suggest an alternative method to find the required login, perhaps a searchbox that pops up when requested, or a menus and sub-menus under 1Password in the toolbar and context menu (although that could get complicated with a lot of logins as I have).

Comments

  • BenBen AWS Team

    Team Member
    edited December 1969
    I actually just ran into this earlier with our Get Satisfaction account. Thanks for the suggestion. :)
  • GroxxGroxx Junior Member
    edited October 2010
    Request / potentially a bug report for the plugin (Firefox, at least):

    Given 3rd party services like Disqus (among many others) which log you in via an iframe, it seems logging in should respect *only* the frame in focus and nothing else. That way, as long as the login frame has focus, it gets treated identically to logging into the provider's website, which it precisely what it is.

    Hypothetical situation if the frame isn't respected (not sure if it does this or if it just doesn't fill in the field, but...) :

    1. You have a login for site A
    2. You have a login for site B
    3. Site A loads a full-frame iframe of site B
    4. You fill fields, and submit
    5. B received your A login


    The alternative is that your attempts to log into what's apparently the site you want, and is being served by the site you're trying to log into, have absolutely no response. It behaves as if you have no login for B, which is incorrect. Iframes are secure, why not use them?
  • khadkhad Social Choreographer

    Team Member
    Hey Groxx,

    Thanks for raising this good issue. I do not know the full logic behind the current situation, but my guess is that we prioritize the URL displayed in the address bar over any "hidden" (read: iframe) URLs. Users see the site in the address bar and save a login based on their trust of that site. If the site uses iframes, they are trusted with not abusing the privilege.

    On the other hand, if a user visits a malicious site, it could load an iframe that makes it look like they are on a site for which a user has saved a login.

    I don't know for certain, but I imagine that factored into the decision. We are always looking to improve, and I will pass this along to the developers.

    I'm sorry I don't have a better answer for you at this time.
  • +1 for this. I find it particularly annoying with all these embedded disqus comments.

  • +1 for this, can't believe it hasn't been fixed in almost three years!

  • khadkhad Social Choreographer

    Team Member
    edited July 2013

    +1 for this. I find it particularly annoying with all these embedded disqus comments.

    Could you give an example URL? I'd love to take a look and make sure 1Password is behaving as designed.

This discussion has been closed.