Wells Fargo Commercial Electronic Office (CEO) Login [Wells Fargo is intentionally blocking]

Ben
Ben
edited August 2015 in 1Password in the Browser
This discussion was created from comments split from: Multiple Login Credential Fields.

Comments

  • rroese
    rroese
    Community Member

    I am also having problems with Wells CEO and 1Password. I just followed your instructions above and resaved the login. All the log in data works when I physically type it in, but not when 1P fills it automatically. I have noticed that the fields in their new programing will not allow cut/paste entry -- the fields all require physical input. Is that lock out 1P from working?
    1P V 4.4.3
    OSX 10.8.5
    Safari6.2.6

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @rroese,

    I'm not familiar with this site, could you supply the URL please and I'll definitely take a look.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @rroese,

    Thank you for supplying the URL, it ensures I'm testing not just the right site but also the right part of the site :smile:

    I'm wondering if the version of Safari you are running is making a difference. Obviously you can't do much about that, you're undoubtedly running the latest that Mountain Lion will let you but it might be worth checking out Firefox for example and see how the behaviour compares. Why do I mention this? I did my testing on a Yosemite machine which has Safari 8.0.6 and I found I could paste into the three fields while you were saying you couldn't. I'm wondering if it's specific to this version of Safari and they do say they don't support Mountain Lion any more.

    Now we are having difficulties with that site, how we fill seems to clash with their JavaScript as while I could fill all three fields, the site complained that the Field is required. I had to manually alter the contents of each for it to enable the Sign On button. I could type a space into each field and then fill and that was supposedly fine (our filling wiped out the spaces). I don't have a real account to test with though.

    While prodding the site I found that clicking the Sign On button posts your login credentials to:

    https://chsec.wellsfargo.com/login/login.fcc

    Now if you open that page directly you get the standard three fields and filling on this URL seems to be a lot better behaved. Again though, I can't say for sure if submitting on this page will work due to the lack of a real account.

    So I'd probably recommend grabbing the latest version of Firefox to see if that makes any difference to the copy and pasting issue and I'd love to know if the URL above allows you to successfully log in and if you're redirected to the correct page afterwards. Please do keep us updated :smile:

  • rroese
    rroese
    Community Member

    Thanks for your investigative work. I tried all your suggestions and got the same results. The CHSEC login would only register the username and leave blank the Company name and password entries. On the usual sign in page I used both the latest Firefox v39 and Safari v6.2.7 version updates for 10.8.5 with the same effect. The autoload from 1Password fills the boxes, but the site treats them as if there were no entries unless I type them in manually. Wells CEO posts that they only support 10.9. Seems odd because I can log on to any other Wells site where I do my consumer banking -- it's just their CEO site. I tried your space 'erase' idea and then the 1P autofill with this warning popup, "One or more of your sign on credentials is incorrect."

    I know the right info is in 1P -- when I physically enter it I am logged in properly. I can also cut and paste out of the 1P 'web form details' for the CEO site. If I paste into the page in its raw state I can sign in. However, if once the red boxes and "field is required" warnings are present I can still paste the entries but they will not work.

    And now the latest insult! If I click on the Portal Link and ask for the sign in page it tells me, "You are not authorized for this application." From bad to worse. I really believe it's bad coding on their part, but I am no expert. No one else is jumping into our conversation it seems, so it may just be something with me.

    Thanks

    Rick

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @rroese,

    Can we concentrate on the https://chsec.wellsfargo.com/login/login.fcc URL for a moment as I'm still holding out some hope it will (eventually) work.

    Are you saying that if you follow our How to manually save a Login guide on that page that when you attempt to fill it doesn't fill all three fields? There is some tidying up we can do afterwards in regards the actual Login item but if creating a Login from the extension isn't recording all the right information then something is up. I don't have the older Safari to test with but I'm running 1Password 4 with our current 1Password Safari Extension and it does correctly record all four fields (1Password treats the Target field as a legitimate field).

    Obviously this is just testing filling. It may very well be that login page doesn't behave properly when you click the Submit button but only you can test that. In fact manually entering the data first and seeing if trying to get the page to work at all is worth it might be an idea. If it doesn't allow you to log in then everything else is moot.

    I can't comment much about Wells Fargo but I will say I find my own bank handles their personal and business sections very differently. On the business side their entire system for credit cards is unwieldy and quite frankly old in contrast to how they present personal ones. I think they have very separate IT teams despite all the aspects the two sides have in common and maybe it's the same with Wells Fargo.

  • bhanafee
    bhanafee
    Community Member
    edited July 2015
  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @bhanafee,

    The reason I'm focussing on chsec.wellsfargo.com is because I know that there is nothing I personally can do to resolve wellsoffice.wellsfargo.com, not given the issue is between us filling and what looks like their JavaScript. I can report the issue, which it has been, but it's now up the the devs to delve into what is happening and if there is anything we can do based on how our extension works. So my motivation is to find a workaround that allows people to log in now while we wait for the fix. I want to try and do better than simply say "thank you for the report, we'll try and get that sorted" and leave it at that. I will freely admit, workarounds are what they are but if it allows somebody to resume some sort of acceptable behaviour I deem that a small win.

    As I'm not a customer all I can say is I know we have trouble with the main page and that we currently cannot log in there. I know I can get all three fields to fill on the chsec.wellsfargo.com URL but I don't know what happens after that as I don't have credentials that will ever let me to log in. If we're lucky the page will allow people using 1Password to proceed to the normal landing page and they can proceed as normal.

    I hope that explains my thinking a bit :smile:

    Can I ask, are you a customer of Wellsfargo too and are looking for a solution to this issue?

  • rroese
    rroese
    Community Member

    Well I can report that the workaround does not work either. The fields fill and the CHSEC site jumps to the normal CEO sign in page with the following: "One or more of your sign on credentials is incorrect." It's manual input all the way to get in. It's the only site I've discovered that won't work with 1P. I'm really doubting it's you guys. Perhaps they have built their site this way based on some sort of new security protocol that others may start using? That would suck.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @rroese: Ouch. Indeed. Some sites use Javascript to modify the form as it is submitted, so it may be that something like this is conflicting with 1Password.

    The best thing to do in cases like this is disable autosubmit, try to have 1Password fill it that way, submit the login form manually, and if it's still not working at that point report the site using our Synapse website issue tracker. That way the developers will have some additional information that may help us get this working for you in the future. Thanks again for your willingness to work with us on this! :)

  • rroese
    rroese
    Community Member

    Hello Brenty, just tried both of your suggestions: the manual submit did not work unfortunately, as soon as the fields are filled by 1P they are 'red boxed'. What I have found is that I can paste into the fields if they are in a 'raw' state and then successfully enter the site, once 1P has attempted to fill the fields and they "red box" and then I can no longer paste and I can only manually enter the data. That's the latest.

    And my 1P 4.4.3 does not have a "Report Website Issue" in the pulldown menu. No other way to get into Synapse that I can find. I am running 1P V 4.4.3, OSX 10.8.5, Safari 6.2.7.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @rroese,

    Don't worry, I reported this login page myself when we first started our testing.

    Given the lack of success with the chsec.wellsfargo.com URL I'm currently at a loss. Their mobile version of their site behaves the same too. It would seem any improvement in our compatibility with his particular site will have to come from the devs and we may not have a workaround at the moment. Sorry about this.

  • rroese
    rroese
    Community Member

    When you say "devs" do you mean your programmers or Well's? just wondering. anyway thanks for the help and good luck on the fix.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @rroese: Sorry for the confusion. That would be 'devs' as in the 1Password developers. We don't necessarily have any pull with the developers of 3rd part websites, unfortunately. Granted, the Wells people might update the site on their own to make it friendlier to both 1Password and accessibility features, but we can't necessarily count on that happening. ;)

  • preapty
    preapty
    Community Member

    Hi Agilebits Team,

    I'm part of the Wells Fargo technical support team and also researching this issue for another client (I think). I've been told by our devs our site was redesigned to not accept autocomplete and the sign-on button can only be activated when each field is filled out using keystrokes. This also deals a blow to any browsers with built-in password saving capabilities (IE,Firefox and Chrome, Safari). That is why when modifying each field using the keyboard activates the sign-on button. Please do not focus on https://chsec.wellsfargo.com/login/login.fcc, as that is our policy server and re-director, customer's cannot sign-on directly from that URL. Focus should be placed on https://wellsoffice.wellsfargo.com/portal/signon/index.jsp.

    I've installed a version of 1Password and recreated the experience. Still on the trial period but cannot report website issues since that is not available from the menu. Is there another way to report issues to the Synapse website?

    If there is any assistance I can offer please let me know. We do know of other applications working with our site (Example: Keepass).

    Is there a 800 number for Agilebits support I can call for assistance?

    Thank You for your time.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @preapty,

    Sorry for the delay in responding and thank you for posting :smile:

    Regarding Synapse, the only way to report a website page at the moment is via the Report Website Issue 1Password mini menu option. I believe we did toy with the idea of manual reports at one point but went with the current approach to ensure we received enough information about the versions etc. Now both 1Password 5 for Mac and 1Password 4 for Windows should have this option, can I ask what version and platform you're running and I'll see if there is a reason why you can't see the menu option.

    I have reported the issue myself but as you've confirmed, the JavaScript currently being used on the site does block a number of approaches commonly used. Given the actual filling of the fields happens via JavaScript in our Extension it might (I don't know for certain) that we can't find an approach that is compatible if you require the fields to be entered a single character at a time.

    We don't have a public number that can be called I'm afraid but if there is anything sensitive that you wish to discuss we can move the conversation to email. What I would recommend would be emailing us at support@agilebits.com and if you include a link to this thread then whoever first opens your message will know what we've been discussing and ensures they're as much up to speed as they can be. Could that work for you?

  • preapty
    preapty
    Community Member

    Thank You for responding. I'm using the Windows version 4.60.582 in Demo mode. I have installed the Mac version also and I can get to the menu options to report an issue. I plan to send an email and hopefully your team can keep me in the loop if you all decided to further explore a solution.

  • littlebobbytables
    littlebobbytables
    1Password Alumni
    edited July 2015

    Hi @preapty,

    I'm not much of a Windows user myself but I do keep a VM handy. Now demo mode shouldn't be interfering and I can test that if needed but one thing I do notice is a slight difference in behaviour between Windows and Mac here. In Windows we hide the Report Website Issue menu option until you've attempted to fill on the page. After you've attempted to fill the option is now visible.

    On the Mac we always have the option visible but if you attempt to use it prior to attempting to fill it will open up a new tab informing you of this. As you can see slightly different approaches to the same goal.

    If you have a work email address (not that I suggest posting it here of course) I will happily add it to our bug report if you're willing to be a point of contact. I would have thought our devs would love to talk as normally we're having to pull things apart like a detective to understand what is going on. Hopefully we can find something that works although given our approach is in JavaScript for the extension I'm unsure what can be done (but very happy to be proven wrong).

    Regarding email, if you were to email us at support+forum@agilebits.com with a link to this thread whoever jumps in and grabs your email first will know what is happening and how to proceed :smile:

    ref: OPX-1025

    PUY-96397-739

  • AGAlumB
    AGAlumB
    1Password Alumni

    Thank You for responding. I'm using the Windows version 4.60.582 in Demo mode. I have installed the Mac version also and I can get to the menu options to report an issue. I plan to send an email and hopefully your team can keep me in the loop if you all decided to further explore a solution.

    @preapty: Just to clarify, do you have the 1Password browser extension installed? I didn't have any trouble using Synapse to report the site in Firefox and Chrome. If you do have the extension installed, which version is it? Maybe you're using an outdated (pre-Synapse) version. However, I wasn't able to get the option to report in Internet Explorer, so perhaps that's what you're using.

  • pwhurley
    pwhurley
    Community Member

    when trying to log into the wells fargo commercial site I keep getting the message that field is required despite the fact that 1 password has already filled the field. I have tried re-entering in and everything works fine, and I resave the key but it wont work the next time.
    https://wellsoffice.wellsfargo.com/portal/signon/index.jsp

    If I open 1password then I can copy the password and paste it into the field without a problem.

    I hope this makes sense. 1 password has been great so far.


    1Password Version: 4.6.0.585
    Extension Version: 4.6.0.585
    OS Version: Windows 7 Professional
    Sync Type: Cloud
    Referrer: forum-search:Website keeps saying field is required when 1 password has filled the field

  • khad
    khad
    1Password Alumni

    Hi @pwhurley,

    Thanks for taking the time to contact us. I'm sorry that you are having some trouble. I merged your post with the existing thread for this issue.

    Unfortunately, 1Password is currently unable to submit the Wells Fargo Commercial Electronic Office® login page without modification. Well Fargo has intentionally designed that particular login page to block form filling. As well as interfering with 1Password, we have also been informed that it prevents browser-based autocomplete as well. I'm encouraged that you say you are able to copy and paste, since that was reportedly not working for another user.

    The cause is JavaScript attached to the fields which seems designed to identify when the contents of a field have not been typed character by character.

    What you might try is simply typing and deleting a character at the end of each field after 1Password has filled them to see if that works. It might be easier than copying and pasting. But since I don't have a Wells Fargo CEO account, I wasn't able to confirm that it works. I'd love to know if it does. It would be great to share that workaround with others.

    Cheers!

    P.S. I know it doesn't help with this particular Wells Fargo login page, but I do want to mention that this does not affect their personal or business login pages. (I have a Wells Fargo personal account myself, and I regularly use 1Password to log in on their personal page.)

  • pwhurley
    pwhurley
    Community Member

    Thank you for the help I will try what you have suggested.

  • khad
    khad
    1Password Alumni

    @pwhurley,

    It's my pleasure to help. I've seen that "add a character then remove a character" trick work before on sites that wanted actual keystrokes, so I'm hoping it works on Wells Fargo CEO login page as well. Keep me posted. ;)

  • BForeman
    BForeman
    Community Member

    Just wanted to say thanks for the thread. I had been working to understand why 1P would not fill fields successfully when I had it working correctly for years. Never occurred to me that WF would disable autocomplete intentionally to improve security on the business side. I use 1P successfully on the consumer side. I suppose the dollars at risk are higher on the business side. Thanks again...

  • littlebobbytables
    littlebobbytables
    1Password Alumni
    edited November 2015

    Greetings @BForeman,

    and your post is exactly what I like about the forums :smile: The ability for you to check our forums out and see what others had been asking meant we helped in some way without even knowing we were :smile: I know some people aren't as enamoured with public forums but I do believe it allows us to help more people and I think that's great.

    Of course it's a shame that Wells Fargo don't see the advantage that password managers bring, maybe one day :smile:

    ref: OPX-1025

This discussion has been closed.