2FA code incorrectly filled on Amazon gift card redeem page

edited March 2019 in 1Password X

On Amazon's gift card redeem page (https://www.amazon.com/gc/redeem and other Amazon regions such as .co.uk and .de), 1Password incorrectly autofills my 2FA code in the "Enter claim code" field.

This is the input field:
<input type="text" required="" id="gc-redemption-input" name="claimCode" class="gc-redemption-input a-input-text a-span12 a-form-selected" autofocus="autofocus" value="" data-com.onepassword.iv="" data-op-id="0" data-com.agilebits.onepassword.user-edited="yes">

1Password Version: Not Provided
Extension Version: 1.14.2 (Chrome 73)
OS Version: Windows 10
Sync Type: my.1password.com


  • brentybrenty

    Team Member
    edited March 2019

    @nyuszika7h: Aha! You're totally right! I was confused by your comments at first, partly because I misunderstood, and partly because I was already signed into Amazon in Chrome. But if you go to https://www.amazon.com/gc/redeem and have to sign in, when the gift card page loads 1Password X misinterprets that "code" field as being for two-factor authentication, so it will fill the TOTP code if you have 1Password setup to generate one for your Amazon login. Thank you for bringing this to our attention! It might have taken us a while to happen upon this specific interaction on our own. :chuffed:

    ref: xplatform/filling-issues#465

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file