Am I the only one who

has noticed that more and more websites are detecting and blocking the use of password managers?

I will try to use 1Pwd to log in but I'm told the password doesn't match what is on file. However, when I copy-and-paste the password from 1Pwd into the site's field, the password is accepted.

It is almost as if they are trying to make us use less or non-secure means of storing passwords!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • danco
    danco
    Volunteer Moderator

    You may be right that sites are disabling password managers. But another reason why filling from 1PW does not work but copy and paste does is that your chosen password is too long for the site. Many sites don't say what length is accepted, and silently appear to accept a long password but actually truncate it. Because of the way filling works differently in the two approaches, such sites will accept copy and paste but not 1PW filling

  • romad
    romad
    Community Member
    edited October 2018

    I don't think that is it because the logins are ones that are used at least weekly and were working before. Unless, of course, the site may have shortened the number of characters required.

    Here is an example of the requirements of one site:

    Password Requirements
     8-32 characters
     Uses Aa-Zz 0-9 - _ . / \@ $ * & ! #
     At least one letter and one number
     Can't be the same as your username
     No spaces

    Each of those requirements has a check mark (  ) beside it to show my password meets the requirement. Yet I get this message:

    What you entered doesn’t match what we have on file.

    So basically, if I manually type in my username and/or password, or if I copy-and-paste my username and/or password, then my username & password match what they have on file. BUT if I click on the login in 1Pwd and have IT file in the username and/or password, the site rejects it.

    Is it possible that what Agilebits uses in 1Pwd to enter the login fields is the same thing that a bot uses, so the site thinks it isn't a person entering the data?

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hello @romad,

    danco's explanation covers the majority of ones we see and through personal experience I've learned that sites aren't always accurate with their password requirements. Thankfully these instances aren't common but it's usually a battle to figure out the real requirements whilst still trying to have a strong a password as possible.

    The easiest first test to try is to create an entirely new Login item using the steps outlined on our How to save a Login manually in your browser page. Does the new item work any better than the original and if it does, has it recorded the same username and password as the original?

  • romad
    romad
    Community Member

    BTDT. As I said before, the logins worked just fine before but in the last year or so, I started having problems using 1Pwd with certain sites. If I type in the info manually, then everything is copasetic, ditto if I COPY-AND-PASTE the info in. The ONLY thing that triggers it is letting 1Pwd enter the username and/or password.

    As I said in my last post, I'm beginning to suspect that auto-entry by 1Pwd and possible other password managers are triggering an anti-bot security setting on the site. I'll try to make a list of sites where I have this problem to see if there is a common thread. One site where I definitely have the problem is the Capital One website.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Greetings @romad,

    I would still request that you try a new Login item. As you didn't specify versions at all I'm working on the assumption that you're running a current version of 1Password, either 7.1 or newer on Mac or 7.2 on Windows. These two versions saw a large change and potentially disruptive change to the filling logic. I've had to file a few reports and undoubtedly will need to file others as we learn where the new logic is weak. In some cases old Login items are behaving as they once did but a new one does. Any testing and reports filed would be based on what 1Password saves in testing done today so it's important to learn if its a site that 1Password is struggling with full stop or just when trying to fill with an older item.

  • romad
    romad
    Community Member

    Actually, it is version 6.8.9 since version 7 won't run on my iMac under El Capitan. Now that Mojave is out, I plan on installing Sierra on the iMac; I just upped my MacBook Air to High Sierra (from Sierra) as I keep it one OS newer than the iMac. But HS is as far as both will run. So once I have Sierra on the iMac I'll see about upping to 1Pwd 7 on it also.

    And as I said I HAVE created a new login item; it worked fine the first couple of times and then started acting the same as the old one. Since this problem is NOT with all logins, I doubt it is a 1Pwd problem, but rather a result of a security setting on the particular websites

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @romad,

    As you're still running 1Password 6 that also eliminates my previous theory as the filling code in 1Password 6.8.9 was pretty mature at that point. I wouldn't say it was perfect but it was well understood and definitely means my hypothesis isn't the case.

    I have a request but it may be better to take this to email as I don't think speaking in general terms will allow us to learn what's going on here. With your permission I'll reach out to you on the email address you registered with here in our forum.

This discussion has been closed.