how does 1password deal with websites requesting passwords be re-entered
My bank has asked me to re-enter my login password to confirm an action/request. I didn't think about this when I set up 1password for it and got it to generate a login password so now I can only view my account, not carry out any transactions. How do I deal with this? I'm intending using 1password on my desktop (Windows 10), mobile phone and tablet (both Android)
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Dropbox
Referrer: forum-search:how does 1password deal with websites requesting passwords be re-entered
Comments
-
Hello @beth_harvey,
While I can't say with 100% conviction, something I reserve for when I've personally tested it, I do believe 1Password will handle this with no issues. So my assumptions are the page you're asked for confirmation on contains just a password field, that's one where each character is replaced with • and that the domain is the same as the login page, e.g. the login page for the Santander bank here in the UK is https://retail.santander.co.uk and if they were to request re-authentication that the URL would start the same, https://retail.santander.co.uk. If those two criteria are met the matching domain would mean your existing Login item would match and when we see a page with a single password field and an attempt to fill we assume the password component of your Login item is being requested.
This scenario is how it works with Amazon where I do seem to get relatively frequent requests for re-authentication and I don't give it a second thought, I go straight for
⌘\(the keyboard shortcut on the Mac for filling the current web page).On Windows you also have something called auto-type and I confess I'm not up to speed on Android as I still am yet to own a device on that platform. We have two pages that might be of use here though.
I hope this helps but please do let me know if you're still having troubles at all as we can't have you essentially locked out of your bank account. I know you have read access but I'm sure we're both thinking the same thing, looking at a balance really doesn't help pay the bills.
0 -
My bank uses 2 URLs, one for the initial login and a different one for re-authentication. I had a look at the article on creating multi page logins but it doesn't work for me/my bank. I wanted to delete this particular login completely but can't find a way of doing it - is that correct? I'm using the demo version at the moment, does that make any difference?
0 -
Hi @beth_harvey,
The trial mode allows you to use every feature of 1Password, basically it's full copy of 1Password that has a 30 day window in which you can add as much as you want to your vault. At the end of the trial period we will restrict your ability to add new items but we won't stop you from accessing your vault and using the items already there. Part of 1Password is about is to allow you to create horrible passwords for each site and any possibility of denying access to those at the end of the trial is tantamount to blackmail. That's never cool and that isn't what we do. Going back to your question, if we can work with your bank then we'll work regardless if you're testing a trial or running a fully licensed copy.
In 1Password for Windows deleting an item in your vault should be as simple as either:
- Right clicking on the item and selecting the Delete menu option.
- Selecting the target item and pressing the delete key on the keyboard.
I believe both replicate ways of moving an item to the recycle bin in file explorer.
Our guide for multi page logins is for when the initial login is spread over multiple pages and you need 1Password to learn certain values from the two pages. Your situation is slightly different so I wouldn't expect that page to be as applicable to you.
Now to the two URLs that your bank use. Without going into the specifics of your bank, a (very) rough view of a URL is as follows
http(s)://[subdomain.]domain/pathThat looks a bit weird but the idea is a subdomain is optional, but does form an important part of the full domain. To try and make that a bit clearer,
accounts.google.comis the full domain for logging into a Google account in contrast togoogle.comwhich is their search engine page. For us the important part is what we're talking about. If your bank uses two very different domains then we'll need to add a second website field and also tell 1Password for Windows to use multiple URLs. If it's just the path bit that is different this shouldn't be a factor unless the two authentication pages are radically different.If you edit a Login item from within the main 1Password window you can add URLs via the Add URL button but to have 1Password for Windows utilise these additional URLs you also need to enable an option titled Enable multiple URLs in the Logins tab of 1Password's preferences.
It might be it's more complex than this and we need to delve into the instance in more detail. If you are comfortable talking about which bank in these forums we can do so here or if you'd rather keep such discussions private we can communicate over email in our ticketing system.
0 -
I'd prefer to communicate over e-mail please, how do I go about it? Thanks
0 -
Greetings @beth_harvey,
You should have an email in your inbox from us now :smile:
ref: LEX-85734-778
0
