1password inserts username into password slot

Options
lhunsicker
lhunsicker
Community Member
in iOS

When I enter my USBank website from my laptop, 1Password works fine. But when I run it from my iPhone, 1Password enters my username instead of my password when it gets to the page requiring the password. It used to work correctly, but now I seem to have to copy my password and paste it into the password slot. Doesn't your program recognize where it is supposed to be inserting the password rather than the username?

1Password Version: Current iOS version (?how to look this up)
Extension Version: Same
OS Version: iOS 9.1
Sync Type: Don't understand what you are asking.
Referrer: forum-search:1password inserts username into password slot

Comments

  • ag_kevin
    ag_kevin
    Options

    Hi @lhunsicker ,

    We've seen a few other reports for usbank similar to this one. It could be your bank's mobile web page is coded differently than the regular non-mobile web page. Our developers are looking into this issue.

    Regards,
    Kevin

    ref: OPX-1077

  • lhunsicker
    lhunsicker
    Community Member
    Options

    Yes. I just called USBank. If one accesses their site using a hand held device, their site detects this and takes one to a different URL. Evidently they have set up their authentication differently on the mobile site from what they have on the site that one is directed to from a laptop. They appear not to have considered the possibility that one might be using a system like 1password. I am trying to create a second login to use from my iPhone. But the new login doesn't fill in the password. They may be calling this variable something different from "password." A real nuisance.
    Larry Hunsicker

  • lhunsicker
    lhunsicker
    Community Member
    Options

    An update. I think that the problem is that their mobile website authentication page doesn't permit "instantaneous" insertion of the password. When I (laboriously) typed it in by hand, the password was accepted. When I copied the password and pasted it into the password slot, it was not accepted. I am aware that other sites also have a limit on the rate at which they accept characters inserted into the password slot -- presumably to assure that the password is actually typed in by hand and not pasted in. 1Password may need to have a mechanism by which one could slow the rate of entry of the passwords so that they look as though they were entered by hand.

  • Ben
    Ben
    Options

    Thanks for letting us know, @lhunsicker. Unfortunately it seems all too common that banks use security measures that really don't add much if any security ("security theater") that really only hinder legitimate users.

    At one point it was becoming common practice for banking apps to disallow the pasting of passwords into their apps. Obviously this is a huge inconvenience, and has no real security benefit. We were involved in a campaign to get them to change, and many did. Perhaps we need something similar for these other measures.

    Thanks.

    Ben

This discussion has been closed.