Search not available in Autofill dialog

ID3N
ID3N
Community Member
edited November 2018 in Android

Hi,

I used to be able to search for a login if 1password doesn't correctly detect the site I'm on. This happens every time in Firefox because I guess it scrambles the URL as a privacy measure.

I'm on version 7.1 beta 3

This is what it looked like on 7.1 beta 2

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @ID3N: Which browser version are you using?

  • ID3N
    ID3N
    Community Member

    Happens in both chrome 70.0.3538.80 and Firefox beta 64.0

  • Philipp
    Philipp
    Community Member

    Hi,
    Today I tried to login to feedly with Firefox Beta. 1Password could not match the detail. Thats not the problem, but there is no possibility to search for an alternative. Please add. See attached image.

  • Henry
    Henry
    1Password Alumni
    edited December 2018

    Hi @Philipp and @ID3N and thanks for bringing this bug to our attention! While it is intentional that 1Password won't let you search for logins to fill in your browser—that's an anti-phishing measure—it is definitely not expected for it to be looking for logins matching comgithub.com rather than github.com. I'll go speak with our developers and make sure we get this fixed sooner rather than later :)

    ref: android-369

  • ID3N
    ID3N
    Community Member

    Thanks @Henry for looking into it. I however don't see how removing search is an anti-phishing measure. Users will still open the 1password app and manually enter in their login credentials into a phishing site regardless. All removing search does is make it more annoying for cases where a user has a password saved for blah.com that has region specific version for blah.co.uk for example. I know you can add multiple "websites" for the stored login but this is a pretty fiddly process as I don't see any way of doing this from the Android client.

  • Henry
    Henry
    1Password Alumni

    You're welcome @ID3N! As with all our apps and extensions (Mac, iOS, Windows, and Android alike), you can only fill Login items with matching URLs into websites, rather than just any Login item.

    As for how that helps to prevent phishing: say you've just clicked on a link in an email that just brought you to facebrok.com. Instead of letting you search for & autofill your Facebook login, 1Password will say "no logins found for facebrok.com in 1Password." To overrule that, you'd have to ignore the obvious typo, head into the main app, and copy/paste your credentials into the website. Of course you can do that, but that simple security measure can help many people avoid getting their passwords phished by a malicious website.

    I have passed on the feedback about adding more website fields to Login items in our Android app—that's definitely something I'd like to see happen soon too! And do let me know if you have any more questions/feedback and I can help with.

    ref: android-157

  • ID3N
    ID3N
    Community Member

    @Henry fair enough. If the multiple website fields were added to the Android app, I agree that would be a good compromise. Thanks for passing that on to the relevant team.

  • Henry
    Henry
    1Password Alumni

    Anytime, happy to help @ID3N :chuffed:

  • Philipp
    Philipp
    Community Member

    Hi @Henry
    Small feedback from my side: I'm using Android 9. I tried with feedly.com

    • With Chrome the filling is correct with feedly.com
    • Only with Firefox Beta there is the problem with comfeedly.com
  • Henry
    Henry
    1Password Alumni

    Thank you for the extra detail @Philipp! We've narrowed it down to being an issue just with Firefox Beta, on URLs without a subdomain (e.g. mobile.twitter.com works fine, but feedly.com becomes comfeedly.com). The problem lies on the browser's side, but we'll see if there's anything we can do to help them resolve this, so filling will work properly. :)

  • Guidome
    Guidome
    Community Member

    @Henry I can understand the anti-phishing side of the feature to prevent search... but your documentation clearly state otherwise here.
    Also as the save login feature does not work with Autofill in chrome in android, it is a real pain *** to associate a login item to a website when you are a mobile user only. I am trying to convert my girlfriend to 1password but it seems a real show stopper for her.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Guidome: I don't see anything about phishing there. But I hear you, and I agree that it's confusing. I'll probably get some terminology wrong, but essentially there are two Android technologies we can use for filling: Autofill, and Accessibility.

    Autofill is the most advanced, but depends on the app -- including browsers -- explicitly building in support for it. When it supports Autofill properly, 1Password OPA can identify it as such, and offer credentials matching the URL, which the browser provides. That's the primary phishing protection: 1Password won't offer to fill Logins which don't match the current URL (in the browser, or the associated URL for an app). This only works in Firefox, Firefox Focus, and DuckDuckGo currently. So I'd recommend one of those for the best experience.

    When an app/browser does not support Autofill, OPA can fall back to Accessibility, which doesn’t not get a URL, and the user then searches for and selects a Login item to associate with that app. The secondary phish protection there is that you would have to explicitly approve 1Password to associate an individual Login with the (non-Autofill) app/browser. This works in Chrome, Opera, Microsoft Edge, and Brave currently.

    If and when Chrome fully supports Android Autofill, I'm sure we will be able to enable a lot more great features there too as well. We'll continue to work on supporting additional browsers as they improve their Accessibility and Autofill capabilities. And we're currently working on the ability to and fill new Logins using the Autofill and Accessibility services in beta. If all goes well, you should see that in a stable release before too long. Cheers! :)

  • Philipp
    Philipp
    Community Member

    And when there is Autofill and Accessibility still not working. Then there is the very hidden to activate, but good old working 1Password-keyboard available also. :)

    For example (I reported early 2018 to you): WhatsApp 2-FA is still working with the keyboard (or you have to deactivate Autofill) only.
    I still hope you will find a solution for it... https://discussions.agilebits.com/discussion/comment/415413/#Comment_415413

  • AGAlumB
    AGAlumB
    1Password Alumni

    And when there is Autofill and Accessibility still not working. Then there is the very hidden to activate, but good old working 1Password-keyboard available also. :)

    @Philipp: Right you are! I can't think of the last time I used it, but indeed it's still around. :)

    But yeah, what we really want is to keep working with the more modern filling options so that we can all forget about the keyboard and have a more seamless experience. Thanks for your support!

  • Guidome
    Guidome
    Community Member

    @brenty my point about your documentation is that it mentions you can search for a login item if none are displayed, while it clearly doesn't work that way (with the anti-phishing thing). It is not about anti-phishing itself is not mentioned.

    I understand you have limitations to retrieve login items based on the technology used (either autofill or accessibility, I read about those already in different posts). Also here I probably didn't explain my concern properly because it is not about retrieving the information, but saving it instead. From what I saw, there is a serious usability issue for mobile user only.

    There is no way, while you are in chrome, to save the login information. You need to copy/paste the fields by flipping between apps, which is a real pain. And once you are done, you absolutely need to NOT forget to also initialize the website properly by entering the website domain (have you tried to explain what a domain is to someone which has no technological background like your mother???). This is the most basic workflow you can have to work with the app. If you don't do it that way, you just can't use the app for what it is intended.
    Now, for me, I am not impacted by this workflow issue as I primarily use your product on a desktop running Windows, and I also understand what a domain is. SO once I am on my mobile, all my login items are already properly setup.

    But how can you expect people using mobile only (like my girlfriend or my mother) to use your product with such a limited workflow experience? For now, any member in my family I tried to enrolled on your app refused because it is just too complicated...

  • Hi @Guidome. Thanks for pointing out the documentation issue. I'll let our team know about this.

    As to the save Login flow you described, can you confirm you're using our latest beta update (7.2.BETA-9 )? The reason I asked is because we've added improvements to Autofill and Accessibility in our most recent betas, and you can now create save Logins from the Autofill prompt.

  • Guidome
    Guidome
    Community Member

    @peri I am not on beta, just the regular Google Play Store version. I'll have a look at how to enroll on beta, I presume you have the Google invite listed somewhere on your site. I'll keep you updated.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Guidome: You can find the details in the announcement at the top of this forum category:

    Welcome to 1Password for Android beta!

    Cheers! :)

This discussion has been closed.