Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
Navigating automatically to login page or form
Quite a ways back it was pretty easy to set up the URL to go directly to the login form for a site. For example, suppose there is a site http://www.wonderful-site.com. And suppose they had a login pa...
As you may have gathered from all my recent posts here, I have been working on a thorough clean up of my 1P content. I am literally logging in to about 700 websites to see if they are still viable, etc. So finding that a much larger percentage of websites use javascript dialogs for login, where it is not that easy for a tool like 1P to integrate with. Even still finding some flash-powered logins.
When I say "most sites", I am likely not statistically correct. However, it does seem to a much more common practice now for such popups in the sites that I am working with. It would be an exercise to actually compute the percentages.
In practice this means that the login procedure can take multiple steps. When a site does have a direct path via a link to the login page, 1P can login in a single step. But when the login must be reached by clicking on a link that cannot be reached directly, then it is a several step process. So depending upon how the site is implemented, you get variations as follows:
- Sites with login pages that can be linked to directly and autofilled--one step
- Sites with logins that show a form but do not autofill, but will autofill if you click in the username.
- Sites with logins that show a form but will not populate with clicking in the username, but will if you click autofill in the 1P extension (not actually sure if this is a distinct case).
- Sites that will not autofill at all, and one has to copy/paste from the 1P extension into the fields.
This is further complicated by many sites now taking username and password in two separate steps. That adds more possible combinations of steps. This was first most noticeable when logging in to Google properties, but is becoming more common.
Separate forms for username and password should be and used to be considered a security weakness as it means an attacker only needs to find a valid username as step one, and then attack the password separately. I really don't know why this is permitted, except that sites like Google must rationalize that "we have so many members that all email addresses have accounts and having them both on a single form submission does not add that much protection". I don't agree with this, but maybe that's what they are thinking.
Bottom line is your response that there is "no way around it via a tool like 1P".
