AWS - AccountId populated with OTP Code

Logging in with AWS worked wonderfully for a while, but all of a sudden when I go to login, 1Password will REPLACE the account id field with the value of the current OTP code.

I've looked at the saved browser fields, and 'account' is there with the correct account id.

This only started happening recently, but is becoming increasingly frustrating.

Has anyone else encountered this problem? Is there a solution?


1Password Version: 1Password 7 Version 7.3.2 (70302004)
Extension Version: 4.7.5.90
OS Version: 10.15.3
Sync Type: Dropbox

«1345

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @naydichev! Welcome to the forum!

    Can you please share the full URL where this is happening so we can test it here too? Thank you!

  • LinusU
    LinusU
    Community Member

    I'm also experiencing this, it stared about a week ago I think. Adding the account id to the browser fields doesn't help. Would love to get this resolved as soon as possible...

  • aaaaaa
    aaaaaa
    Community Member

    +1

    I'm experiencing this as well, and it started about a week ago.

    I've confirmed that the "Account ID" text field's id is "account":

    And I've set the desired string in a saved web form element called "account":

    Also, I'm using version 4.7.6.1 of the 1Password beta Chrome extension, in case that matters.

  • jchadwick
    jchadwick
    Community Member

    I'm having the exact same issue, which started today, but I've seen it (randomly) happen in the distant past. I can't remember what I did to relieve myself of the problem. But here's a possible piece to the puzzle:

    AWS's console login (both cross-account and otherwise) actually saves the AWS account ID (either the name/string or the 12-digit ID -- depends on which you enter) in a cookie. JS code on AWS's side auto-populates the Account ID field from that, regardless of what the "form field" entry has in 1Password.

    I strongly suspect that this model (and whatever the JS code does) confuses 1P's Chrome extension greatly when it comes to field selection. You can verify my claim about cookies by visiting https://aws.amazon.com/console/ (note the URL is not an account-ID-based URL! Those look https://foo-bar-blat.signin.aws.amazon.com/console ) and click the "Log back in" button.

    The real bug here, IMO, is why 1Password is trying to auto-populate the first field (AWS account ID) with the OTP. That behaviour makes little-to-no sense -- I can't even determine how or why the first form field is being given focus.

    I'm on OS X 10.14.16 (Mojave), using Chrome 80.0.3987.132, with 1Password extension 4.7.5.90. 1P itself is at version 7.4.3.

    I'd politely urge the 1P folks to mark this as a high-priority issue; this does impact 1Password for Business as well.

  • Felipe Alvarez
    Felipe Alvarez
    Community Member
    edited March 2020

    I have checked my "web form details" match "account" as in the html source code. AWS seems to have changed something.

    I know 1Password is doing everything they can to help us all to resolve this issue. Excellent job guys! This is definitely NOT a P1 High Priority issue, as users can just copy/paste the account id or account alias from 1Password itself.

    Windows 10, Firefox and Chrome (latest)

  • njitman
    njitman
    Community Member

    It started for me today after the latest update (7.4.753). I even added a "account" label and put my fixed AWS alias in that field (tried a text field too). Did not help - it pastes the OTP into the "account" field every time and of course the login fails. It is actually easier to remove the OTP feature now and use my old method of copying the code since at least the login does not fail and the form resets. I login to AWS extensively for our own account and client accounts, so this is a big productivity hit for me.

    Checking the HTML source for the above screen shot, the three fields are "account", "username" and "password". In my 1P card, username and password are correct. I added "account" with my alias to fill. If I delete the OTP field from 1P, it properly fills all 3 fields. Once I add back the OTP, the OTP is copied into the "account" field.

  • rhornsby
    rhornsby
    Community Member

    Hate to +1 and run, but same issue here, and as other have reported, it has cropped up in the last few days.

    At least for now I know I'm not going crazy.

  • Soundar
    Soundar
    Community Member

    Any update from 1password Team here?

  • mjcsb
    mjcsb
    Community Member

    This happened to me as of Tuesday morning 3/10/20, worked Monday night 3/9/20. Did not do any updates to 1Password overnight.

    Source shows id="account" for the Account ID field. Our 1Password login pages had a field with id as the label when this worked. I updated this field on our 1Password login page to use account, and this fixed the problem on MacOS with Chrome and Safari, but did NOT fix this for other users who use Windows. The problem is still there even with the updated 1Password login page that now uses account as their label for the account number or alias.

  • dangul
    dangul
    Community Member

    Yepp, same here happens this morning 11/3! Got 1.18 passwordX

  • aaaaaa
    aaaaaa
    Community Member

    @Felipe Alvarez I agree with you that we can easily just copy/paste in the account string after filling and before hitting return, but myself, and I suspect @jchadwick and other 1Password users as well, probably feel that this should not be high-priority simply for the slight loss in convenience.

    Rather, the fact that a OTP would populate into an unmasked field like that is a potential security flaw. Technically someone who has compromised your AWS password could look over your shoulder and see that one-time password show up and then use it to gain access to your account before the code expires.

    Yes, it's an extremely unlikely situation that something like that would happen, and I also acknowledge that the MFA code is populated on the next page without being masked (but at least it's expected there and you can take measures to ensure no one can see your screen if you want), but given how rock-solid 1Password's security practices are in all other regards, and given how critical access to the AWS console is for most AWS admins, I think this should actually be a priority issue.

  • asiegman
    asiegman
    Community Member
    edited March 2020

    I've got the same issue. I use this daily, and the sign-in has worked beautifully for months. Worked March 10th. This morning, March 11th, is not working. OTP in the account-id field. OSX 10.15.3, 1Password 7.4.3. Happens in both Safari and Chrome, both from the App itself and from the respective extensions. If I can provide info, I'd be happy to.

  • pinnokio
    pinnokio
    Community Member

    +1 to the issue.
    Symptoms are the same for me.

  • nicwaller
    nicwaller
    Community Member

    +1 I'm affected too, along with my coworkers who use 1Password and AWS. Currently using 1Password Version 7.4.3 (70403002) and Firefox 73.0.1 (64-bit).

  • azzamaurice
    azzamaurice
    Community Member

    +1 Same for me too
    Using 1Password v7.4.4 on macOS with Firefox Extension v1.18.0

  • henrys
    henrys
    Community Member

    Started happening yesterday for me, exact same scenario in Safari 13.0.5 with 1Password 7.4.3 (70403002). Tried adding "account" as a web form field hoping it would prevent 1Password from filling the OTP in the account field, but it didn't work.

  • cabal
    cabal
    Community Member

    i am experiencing this same issue as well. I only started noticing this yesterday. Any update on a fix for this?

    I am running the following

    Chrome: 80.0.3987.132
    1Password X: 1.18.6

  • anakaiti
    anakaiti
    Community Member

    I'm having the same issue.

    Chrome: Version 80.0.3987.132 (Official Build) (64-bit)
    1Password X: 1.18.0

  • MattySaintG
    MattySaintG
    Community Member

    Just had it start happening to me as well.
    Initial testing shows that I can remedy it by adding in my account field info to the Section as well as the saved form details. For anyone that wants to get their logins working again.

  • allcentury2
    allcentury2
    Community Member

    Thank you @MattySaintG ! That worked

  • henrys
    henrys
    Community Member

    Cheers @MattySaintG that worked for me too! Just adding it to the web form details wasn't enough for some reason.

  • nicwaller
    nicwaller
    Community Member

    I'm having trouble following your directions @MattySaintG, or I'm having trouble getting it working for me.

    • I started editing my entry in 1Password
    • View Saved Form Details
    • Add a new field and label="Account", type="Text", value=
    • Save

    But then I still end up with the same problem when I try to auto fill. Did you do something differently? Into which section did you add your account field info?

  • njitman
    njitman
    Community Member

    Not sure what @MattySaintG was referring to when you mention saved form details versus section. Section is easy - I tried both a label named "account" and a text field name "account". Neither seemed to help. I started from a clean entry (deleted previous one), so the username, password and SAVED ON US-EAST-1.SIGNIN.AWS.AMAZON.COM section with "Account ID (12 digits) or account alias" added as a field. So, this was all done by just logging in and letting 1P create a new entry. I then added "account" as another field and put in my account alias, so both the field 1P created and my "account" field match. So, that works to login without OTP auto-fill. I then went and added my OTP field back to the entry. Still fills the OTP into the account field, so I removed it, since it dings the login and then I have to type in the account alias and password - so this is not just a simple inconvenience, it breaks the functionality of the auto-fill. I have gone back to using my OTP generator extension in FF, so I don't have to leave the browser to fill the OTP.

  • ag_ana
    ag_ana
    1Password Alumni
    edited April 2020

    Thank you everyone for the additional information! I was able to reproduce the issue here, and I have opened an issue in our internal tracker for our developers to look at :+1:

    ref: dev/core/core#1154

  • ag_ana
    ag_ana
    1Password Alumni

    Hi Everyone! A quick update: for those of you using 1Password X, please make sure you update to 1Password X 1.18.1, which has a fix for the AWS website :)

  • dangul
    dangul
    Community Member

    Sorry for stupid question but is there any delay for Chrome extensions ? I´m trying to force an update but I still have 1.18.0, do I click to release notes I can see that there is a 1.18.1 version ? This might be a Chrome question but anywat :) Thanks for fast reply and fix, great work!

  • naydichev
    naydichev
    Community Member

    Hey @ag_ana - what about those of us that don't use 1Password X?

    Should we be waiting for updates to the browser extensions? Or will this be a change to the 1Password application itself?

    Thanks for the quick turn around!

  • pinnokio
    pinnokio
    Community Member

    Solution with adding account field for 1P entry works for me.
    But I added it not to Saved Form Details but as a Section.
    Label = Account
    Type = Text
    Field value = my-aws-profile-name
    Refreshed AWS login page and let 1P populate web form details, works like before the issue now

  • ag_ana
    ag_ana
    1Password Alumni

    @dangul:

    I think it's because of the Chrome extension review process by Google. It might take a little bit for the latest version to show up because of this, but they are usually quite fast :)

This discussion has been closed.