Why was auto-submit removed? [Intentional; auto-submit not returning]
Comments
-
Glad to see it gone ... there are evil individuals out there who will embed hidden forms on a page in the hope that the data will be auto-filled and submitted without your knowledge. I'm much rather have to hit the submit button that have usernames/passwords stolen.
0 -
@slboettcher - when we learned from Apple about the upcoming changes in Mojave, we obviously had a choice to make: accept it, or try to find some custom way around it. After thinking about the change, who it would affect and how much, as well as Apple's reasoning for doing it, the choice was pretty clear. Auto-submit has never existed in 1Password for iOS, also for OS-imposed reasons, and it doesn't exist in 1Password X, either. Our implementation of it in 1Password for Mac was - as the announcement said - both a custom workaround, and not aging well in the modern security environment. Given auto-fill's unique spot in the Mac landscape, and the fact that we'd have to come up with yet another, more elaborate workaround to try to maintain the functionality, we made the decision to let it go. As you say, we've all been conditioned to press "return" or "enter" to execute commands on our computers; that neural pathway will return quickly -- and one more key-press isn't a lot for the added security it provides. Thanks for understanding. :)
0 -
@John Galvin - yep, that was pretty much our take on it as well, after only a few minutes of consideration. It was a shock to us at first, too -- auto-submit has been a treasured part of the 1Password for Mac functionality for years now...but Apple were right, and its time had come.
0 -
Resurrecting an old thread, but I just upgraded from 6.8.3 to 7.2.1 and have the issue described here. However, there is no option box to check in the "Browsers" tab in 1Password preferences to "automatically sign in after filling usernames and passwords." Has this functionality changed in 7.2.1, or am I missing something? I am using 7.2.1 downloaded from the 1Password website, not Apple App Store. I have a stand-alone license, not the subscription model.
0 -
I guess I'm still confused as to why people believe Apple removed the ability to do this (vs. just changing the security around it). My own scripts (and a few other third party apps) still send simulated keypresses in Mojave without issue. Automator certainly wouldn't be terribly useful without the ability! The only difference is now the first time they try (if the app doesn't think to warn me first), System Preferences alerts me that I'll need to allow the app to "Allow Assistive Devices" (a.k.a. send simulated keypresses). I do so, and they work, just as always.
If all 1Password was doing before was running an AppleScript to
'tell application "System Events" to keystroke return'immediately after filling a form, could those of us power users willing to give 1Password this access be given the option to hack that back in? We'd really just need to know where to put the script, what to name it, and what executable to add to the Accessibility section of Security & Privacy to allow it to run.I suppose an alternative method would be to define a new keyboard shortcut (or take over 1Password's shortcut) that would call an Automator Service/AppleScript that acts as a wrapper. It would first need to activate 1Password to get the auto-fill and then would need send the return keypress. I may have to look into that if there isn't an official solution. If I do get a chance to make that, I could post it here for those interested.
0 -
Thanks for the reply, even if it's not the one I was hoping for. By the way, I did try searching multiple ways but didn't find anything.
0 -
This discussion was created from comments split from: Auto Submit Broken in iPW 7.0
-
@tim_kite: You'll see that some folks here with older version have the autosubmit script installed, and this produces an error. That's what's meant by Apple having removed this capability with the release of Safari 12 and Mohave. It really seems to me that it would be less work for you to press Return than to try to work around that. And certainly we're not going to try to find ways to circumvent this. It may be harmless for 1Password to send keystrokes, but less-than-savory apps could also use that to their advantage.
0 -
I thought I was going crazy, since I remembered auto-submit stopping working after upgrading to 1Password7, not after upgrading to Mojave. Sure enough, I reinstalled 1Password6 and auto-submit is working fine on my Mojave machine.
If anyone else wants to revert to 1Password6 and have auto-submit work without an error, all you need to do is go into System Preferences, Security & Privacy, Privacy, Accessibility, then check the box for 1Password mini. Local opvaults and 1Password accounts should revert without a fuss. Don't forget to uninstall 1Password7 first or you'll get dueling 1Passwords! Keep in mind you're losing dark mode, the fancier 1Password mini, and the new Watchtower features to soothe your muscle memory. For me the muscle memory is winning for the moment. I guess I have a year to figure it out before the "regular" Safari extensions go away.
I won't speak to the security concern question considering I'm the one who already admitted he's allowed Terminal to simulate keystrokes in Mojave. However, aside from allowing massive things like "Terminal", "SystemUIServer", and "Script Editor" access to simulate keystrokes, if you're just allowing 1Password mini, I don't see how that's a security risk. Only 1Password mini gets to send keystrokes, whereas randomfile.app can't. If 1Password mini gets compromised, I have bigger things to worry about than if it can press return when I don't want it to.
0 -
Now that I understand what's happened, I have to say that the objections to this change seem rather insignificant, at least to me. On the Mac keyboard, the Enter key is immediately below the \ key. One needn't even move the finger more than a fraction of an inch down to hit Enter after ⌘\ . There is more fuss if the site requires a mouse click to submit, rather than accepting an Enter key press. I don't actually know how many of those I use.
I'm much more put out by sites that prohibit copying from the keyboard into the password field. Those I do encounter regularly, it seems.
0 -
FYI
I am using 1Password 7.0.7
Mojave and Safari 12
and Autosubmit works flawlessly, no error message, just working as it always didSo I am sticking with 7.0.7 on my production Mac for now,
using 7.2.2 betas on my home Mac just to see if other websites filling problems get solved
0 -
I'm using Mac OS Ver. 10.13.6. I've entered several websites in my vault and first of all I'm not sure where to click other than using the "open" function to the right of the site listed. Then, I still have to enter my Amazon username and password. Nothing gets filled in automatically. I did my best to look at a few videos and get it right bu "no bueno". What am I missing here? Any help provided is appreciated.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided0 -
I feel like everyone is missing the obvious, why is sending a keystroke the only option?
You're already targeting the fields so finding the closest FORM element and just triggering submit is perfectly fine and well within an extension's abilities.
Failing that, you could find the input type submit button and trigger a click on it.
You can also inject a JS function onto the page that includes the return key trigger and then call your function from the extension then you're not "sending keystrokes" from the extension.
Are any of these possible? If not, I'm going to whip up an extension that watches input fields for when 1Password adds the
com-agilebits-onepassword-extension-animated-fillclass and trigger the form submit that way. :)0 -
@insidescoop1 - what version of Safari are you using?
0 -
@obfuscode - part of the reason we're not pursuing other options is because none of them work as reliably as a return key press. Form elements are not guaranteed, we've seen plenty of formless sign-in pages and in the past we've found trying to simulate clicking on buttons quite error prone. We used to simulate pressing the enter key in the browser but that was removed because browsers disallowed it as well. If it cannot be done reliably then it's better not to at all. But the primary reason is that Apple is specifically tightening security in this regard, and after weighing the cost to the user: one extra keystroke (which is, as @hawkmoth observes above, directly under the backslash key), we decided to not look for ways to code less-reliable means of circumventing the spirit of Apple's changes.
0 -
@obfuscode: We've done something like that in the past, and it just isn't reliable. If all websites used standard web forms, that would probably work. But then 1Password would pretty much be done too. The reality is that very few websites adhere to standards, and a feature that works only rarely is worse than no feature at all, I'd argue.
0 -
I understand the reasoning, the impossibilities and all implications, but I just want to express my disappointment in the removal of the AutoSubmit.
I KNOW you aren't at fault, it's not a complaint to you (Agile), but a note of disappointment in general.
I spent half an hour today trying to figure out why it didn't work, only to find myself here, reading close to nothing but the same feelings I'm having.If we can "document.forms[0].submit()" in Javascript, then why can't 1Password.
I really do not see the security improvements with not allowing a browser extension, but allowing Javascript (of all things) to auto-submit ...
0 -
I came here to complain... but I've read the whole thread and I'm actually happy it was removed. As someone said earlier, security is way more important that convenience. This is a fair tradeoff. Thank you, 1Password team. More than auto-submit, I want to make sure my computer and passwords are safe :)
0 -
I just read this thread end-to-end.
Most of what I read is just grousing about having to (slightly) modify keyboard or clicking habits, not even considering that the Apple interface has been mutable, especially in security related matters, for years. The only really supportable objection is regarding the Agilebits documentation. Calling the change in 1P 7 a "fix" at the bottom of the release notes is less than useful to most users. It is not a "fix" from any user viewpoint. This is a major change in that it does require users to modify how they use 1P 7.There should have been a locked top entry in the Mac pages echoing what should have been touted as a top-listed "change" in the release notes -- perhaps something like:
NOTICE: Apple has changed the security rules regarding how 1 Password may interact with applications. In Safari, autoFILL is unchanged but autoSUBMIT is no longer supported. Clicking a login button or pressing the Return key is now necessary to complete a 1Password-assisted login.
I still love and recommend the product. 8-)
0 -
Thanks to everyone for weighing in here. Even if it might not seem likely when reading through one of these longer threads with numerous people upset about this or that change, we really do value every bit of feedback we receive. It helps us get the temperature of the user community, and every post means someone cared enough about the direction of 1Password to use some of their own valuable time to let us know. That's pretty awesome -- and certainly way better than if we just released new versions to thundering silence or indifference. We aren't part of a larger corporate parent, and we don't have any VC money or investor consortium to answer to -- YOU people are our only "bosses," and that's just the way we like to work: answerable only to our own vision of what a good password manager is, and to our user community. So thanks again, and let us know any time you see something you think we should hear about.
0 -
I'm trying to change a login entry from "Fill" to "Fill and Submit", but when I choose to edit the entry, the display option shows but "Submit" is missing.
1Password Version: 7.2.1
Extension Version: 7.2.1
OS Version: 10.13.6
Sync Type: dropbox0 -
I'm using 1Password 7.2.1 on a mac running Mojave. While the autofill feature of the 1password extension still works fine, the autosend feature stopped working. I always have to click on the sign-in button of webpages. Please help.
1Password Version: 7.2.1
Extension Version: 7.2.1
OS Version: OS X 10.14
Sync Type: dropbox0 -
@sixbillships: Sorry for the confusion. As mentioned above, the autosubmit feature has been removed on macOS since it is no longer allowed to send keystrokes due to security concerns. However, in most cases, 1Password can leave the password field focused so you can simply press Return.
0 -
That's a change due to Apple's improved security, and nothing can be done about it. It's probably easier to press Return (which almost always works) rather than to mouse to the signin button and click.
If you want more details about the change, it's been covered in several other threads.
0 -
:) :+1:
0 -
I believe it should be quite easy to implement with a Keystroke app, such as Keyboard Maestro. Just setup a new shortcut that does the Cmd-\, wait 1 second and send a Return.
Personally, after using the new security paradigm for awhile, hitting the return is second nature now. Plus it gives you a quick confirm incase the wrong account was auto-filled.
0 -
Or CATPCHAs. :scream:
0
