It’s Cybersecurity Awareness Month! Join our interactive training session, or learn about security and AI from 1Password experts.
Forum Discussion
Auto sign-in after auto-fill "clicks" wrong button
Take https://www.slido.com/'s login page. The login form contains 2 buttons - "Forgot password?" and "Log in", in this order. The former has type="button" whereas the latter is type="submit" , but...
I understand the desire to make things simpler for users of 1Password. However, there are legitimate reasons for a website to have "buttons" inside of login and registration forms. Forgot password as a button (rather than an html anchor element) is valid using todays modern UI frameworks. Additional buttons might include "reveal password" or "create account". It doesn't always make sense to make these links.
I understand that if the website developer creates a login form with multiple buttons that are all type="button" then 1Password has very little information to go on and clicking the first one is a legitimate choice. However, what we have witnessed is that when the first button is marked as a simple type="button" and the second one is type="submit" the first one is still clicked by 1Password.
Some amount of effort to pick the correct button must be made by the 1Password extension. Forms having a button with a type="submit" has been standard for decades now. There is no excuse for 1Password to simply ignore this and blindly click the first button it finds.
