Lock screen shows with autofill when username and password are on separate pages

verdi1987
Community Member
  1. In 1Password, Settings > Advanced > Security, “Always Show Lock Screen for: Password Autofill” is disabled.
  2. In Safari, browse to Amazon.com and go to the signin page.
  3. When prompted, “Log in to amazon.com using 1Password?,” select your login. Before filling, the 1Password lock screen flashes.
  4. Continue to the password page and select your 1Password login. Again, the 1Password lock screen flashes before filling.

This appears to only occur when the username and password fields are on separate pages.

Is this a bug or as designed? I have toggled on and off the option “Always Show Lock Screen for: Password Autofill.”


1Password Version: 7.2
Extension Version: Not Provided
OS Version: iOS 12.0
Sync Type: Not Provided

Comments

  • AGAlumB
    1Password Alumni

    @verdi1987: Indeed, that's the way that Apple's iOS 12 Password Autofill feature is designed, to require you to unlock, either by entering your password or using Touch ID to access saved data — whether you're using 1Password, iCloud Keychain, or some other software for this purpose. You're right that this has the effect of, in your perception, requiring you to unlock twice for the "same login", but to Autofill you're invoking it twice and the same security applies. A bit confusing, but I think it's an important consideration. Otherwise a malicious redirect could result in credentials being filled somewhere you wouldn't want, just to avoid you having to unlock again.

    I think you're misunderstanding this setting though: "Always Show Lock Screen for Password Autofill" is mostly cosmetic. By default, it's off so that you don't have to wait for the 1Password animation when using the Autofill feature. You will, however, always see 1Password come up briefly, even with this disabled, when using a Login that has a TOTP code which needs to be copied to the clipboard. It's a bit difficult to understand at first since this is all very new and we don't all have a good frame of reference yet, but hopefully that helps clarify. :)

  • 3bridges
    Community Member

    Had the same when logging into Google. Google login over two pages. (Always show lock screen for autofill is enabled.) First screen pick account using key icon in iOS. 1pwd lock screen shown -> Touch ID. Next screen pick key icon again to fill password, lock screen shown again. Pre-iOS 12 the two screens would be filled. Is this how autofill works over two screens?

  • That does appear to be the case, @3bridges, yes. I’m not sure there is any influence we have over that, but I will mention this to our development team to see if there are any improvements we can make in this regard. In the meantime it may make sense to use the 1Password extension rather than Password AutoFill on such pages.

    Ben

  • verdi1987
    Community Member

    @brenty, I think I understand what is happening now. It is indeed the TOTP sites that result in the lock screen animation.

    In iOS Settings > Face ID & Passcode, I have "Password Autofill" disabled, so I am not normally presented with a prompt to authenticate. However, it seems that TOTP entries in 1P do in fact always prompt to authenticate, regardless of the "Password Autofill" state in Settings.

    Is this how the feature is designed, or is it a bug?

  • AGAlumB
    1Password Alumni

    @3bridges: To clarify, with Autofill the filling itself is done by the OS. You can, however, still use the 1Password iOS extension like we all used to in order to use 1Password's filling functionality instead, which sounds like it works more the way you want it to in this instance. Cheers! :)

  • AGAlumB
    1Password Alumni

    > I think I understand what is happening now. It is indeed the TOTP sites that result in the lock screen animation.

    @verdi1987: Yes! That's exactly it. In other cases, with no TOTP, you will only see the 1Password screen if the setting you mentioned earlier is enabled.

    > In iOS Settings > Face ID & Passcode, I have "Password Autofill" disabled, so I am not normally presented with a prompt to authenticate. However, it seems that TOTP entries in 1P do in fact always prompt to authenticate, regardless of the "Password Autofill" state in Settings. Is this how the feature is designed, or is it a bug?

    I'm not sure I follow you here though. Can you clarify why you wouldn't expect to need to unlock 1Password?

  • verdi1987
    Community Member

    @brenty, I think I may have a handle on the behavior now. Try this:

    1. In iOS Settings > Face ID & Passcode, disable "Password Autofill."
    2. In 1Password Settings > Security, set Auto-Lock to 1 minute and launch Safari. (It does not have to be 1 min., but we want the Auto-Lock to be triggered.)
    3. Wait 1 minute.
    4. Go to the login page of an entry with TOTP. (I use Amazon.com.)
    5. Select your 1Password login for the website but force Face ID to fail so that you are presented with the Master Password field.
    6. Enter your Master Password and fill the login.
    7. On the subsequent Amazon.com password screen, again select your 1P login. The lock screen flashes with Face ID even though you have already successfully authenticated.
    8. Allow the login to authenticate.
    9. Now either go back to the login page or browse to another site for which you have a TOTP entry (Google.com in this example).
    10. Fill your username using 1P. The Face ID authentication displays.
    11. On the password screen, fill using 1P. The Face ID authentication displays.

    Now exit Safari and launch 1Password. Authenticate if required.

    1. Go back to Safari.
    2. Go to the Amazon.com login page or any website with TOTP.
    3. Select your login. You will not be prompted to authenticate. The login will simply fill (although the lock screen flashes).
    4. Try again with the password screen or another TOTP website. Again, you will not be prompted to authenticate.

    So the issue seems to be surrounding failed authentication causing repeated requests to authenticate even after the ID is successful.

  • 3bridges
    Community Member

    @brenty I have checked with iOS extensions; 1pwd prompts with lock screen on both pages. I am sure on the old version when you landed on the password page for Google the password was already filled in.

    Also with autofill on, the autofill lock toggle doesn’t seem to make any difference.

  • Hi folks,

    Thank you for the additional information on this. If you enable 1Password > Settings > Advanced > Security > Always show lock screen for Password AutoFill does that give you the experience you'd expect?

    Ben

  • verdi1987
    Community Member

    @Ben, that results in the lock screen always showing for an AutoFill. I don't want to ever see it if possible.

  • Ah, okay, gotcha... I don't know if that is possible, but I will certainly share the feedback with the rest of the team.

    Ben

This discussion has been closed.