Protect what matters – even after you're gone. Make a plan for your digital legacy today.
iOS AutoFill completely broken after the last 24hr update
Hi team, Since the most recent 1Password iOS update rolled out in the last 24 hours, AutoFill has completely stopped working on all websites. It worked perfectly yesterday. I have already checked my iOS settings and tested changing the 'Auto-Lock on Exit' settings, but nothing forces the AutoFill prompt to work. I have already emailed my iOS diagnostic report directly to support to help track this down. Can someone confirm if the engineering team is aware of this regression and if a hotfix is on the way? Thank you, GeorgeWhat is an Agent Chassis?
Jeff Malnick’s post is confident. It’s also detached from how developers actually ship code today and made me furious.“Agent chassis” boils down to: the script that runs your agent. Fine. But the security layer argument collapses when the tooling underneath is fragmented.Right now you pick between CLI, shell plugins, service accounts, connectors, environments — each with different auth models, rate limits, edge cases, and silent failures. None cleanly support a headless agent workflow. I’ve built workarounds for my workarounds.Agentic coding made this obvious. Agents need real credentials at runtime. Not desktop popups. Not biometric prompts in a terminal.The community built unofficial MCP servers. Anthropic shipped 50+ connectors. 1Password isn’t there.The spec is public. It’s buildable. So—who’s shipping it?
1Password Access after Death, Legacy Contacts
I am not planning to die anytime soon, but sometimes things happen. Beyond securing my 1Password details in an Escrow account, or with a lawyer, or in a bank lockbox, does 1Password offer any means of allowing one or more designated member of the 1Password Families account to access the 1Password account in case of the primary owner's passing? Apple now offers the ability to add one or more https://support.apple.com/en-us/102631 so that in case of your untimely demise, an Access Key and a Death Certificate allows Apple to grant the holder of both of these to get a new Apple ID that has access to your Apple ID Account. It may be something 1Password wants to consider, though I realize that reviewing Death Certificates may not be on the high list of priorities for the team! 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser: Not Provided
Using Violentmonkey to Control 1Password Autofill on Specific Sites
As an answer to this issue. I asked claude code to summarize the problem and generate a potential solution. Problem: 1Password has no way to permanently disable autofill on specific websites. The only built-in option ("Hide on this page") is session-only and resets on browser restart. Users working with CRMs, dashboards, and web apps with many form fields have 1Password icons blocking dropdowns, suggesting irrelevant credentials, and firing "save this password?" prompts constantly. This has been requested for 3+ years with 46 replies and no native solution from 1Password. Solution that gives you **permanent, granular control** over where 1Password appears using **Violentmonkey**, a free and open-source browser extension. --- ## What is Violentmonkey? [Violentmonkey](https://violentmonkey.github.io/) is an open-source (MIT license) **userscript manager** for Firefox, Chrome, and Edge. It lets you write small JavaScript snippets that run automatically on specific websites, modifying how those pages behave in your browser. Think of it as a personal customization layer for the web. You define *which sites* a script runs on, and *what it does* when it runs. Scripts persist across sessions, restarts, and updates. **Key facts:** - Free, open-source, no telemetry - Available on [Firefox Add-ons](https://addons.mozilla.org/en-US/firefox/addon/violentmonkey/) and [Chrome Web Store](https://chrome.google.com/webstore/detail/violentmonkey/jinjaccalgkegednnccohejagnlnfdag) - Active development and community - Lightweight -- only runs scripts on pages you specify --- ## How Userscripts Work A userscript is just JavaScript with a metadata header that tells Violentmonkey *when* and *where* to run it. Here's the anatomy: ```javascript // ==UserScript== // @name My Script Name // @namespace my-scripts // @version 1.0 // @description What this script does // Match https://example.com/* // @grant none // @run-at document-start // ==/UserScript== (function () { "use strict"; // Your code here })(); ``` **Important fields:** - `@match` -- URL pattern where the script runs. Supports wildcards (`*`). You can have multiple `@match` lines. - `@run-at` -- When the script executes: `document-start` (before the page loads), `document-end` (after DOM is ready), or `document-idle` (after page is fully loaded). - `@grant` -- Permissions the script needs. `none` means it runs in the page's own context. --- ## The Core Solution: Blocking 1Password on Specific Sites This script uses **two mechanisms** to completely suppress 1Password on any site you list: 1. **`data-1p-ignore` attribute** -- This is 1Password's own official HTML attribute. When present on an `<input>`, 1Password skips that field entirely. We add it to every form element on the page. 2. **MutationObserver** -- Watches the DOM for 1Password's custom elements (`com-1password-menu`, `com-1password-button`, `com-1password-notification`) and removes them the instant they appear. ### Full Site Blocker Script ```javascript // ==UserScript== // @name 1Password Blocker // @namespace 1password-control // @version 1.0 // @description Permanently block 1Password autofill on specific sites // Match https://crm.example.com/* // Match https://admin.example.com/* // @grant none // @run-at document-start // ==/UserScript== (function () { "use strict"; const SELECTORS = "com-1password-menu, com-1password-button, com-1password-notification"; // Remove 1Password custom elements as they appear new MutationObserver(() => { document.querySelectorAll(SELECTORS).forEach((el) => el.remove()); }).observe(document.documentElement, { childList: true, subtree: true }); // Mark all form fields so 1Password ignores them document.addEventListener("DOMContentLoaded", () => { const mark = (el) => el.setAttribute("data-1p-ignore", ""); document.querySelectorAll("input, select, textarea").forEach(mark); // Catch dynamically added fields (SPAs, AJAX-loaded content) new MutationObserver((mutations) => { for (const m of mutations) { for (const node of m.addedNodes) { if (node.nodeType !== 1) continue; if (node.matches?.("input, select, textarea")) mark(node); node.querySelectorAll?.("input, select, textarea").forEach(mark); } } }).observe(document.body, { childList: true, subtree: true }); }); })(); ``` ### How to Install 1. Install Violentmonkey from your browser's extension store 2. Click the Violentmonkey icon in your toolbar 3. Click the `+` button to create a new script 4. Delete the template and paste the script above 5. **Edit the `@match` lines** to list your target sites 6. Press `Ctrl+S` to save That's it. The block is permanent and survives browser restarts. --- ## URL Pattern Examples The `@match` pattern follows the format `scheme://host/path`: ```javascript // Block on an entire domain // Match https://app.hubspot.com/* // Block on a specific section only // Match https://app.hubspot.com/contacts/* // Block on all subdomains of a domain // Match https://*.salesforce.com/* // Block on 1Password's own login page // Match https://my.1password.com/* // Block on an internal/corporate tool // Match https://internal.yourcompany.com/* // Block on multiple specific paths // Match https://site.com/contacts/* // Match https://site.com/accounts/* // Match https://site.com/deals/* ``` --- ## Beyond Full Blocking: Other Possibilities The beauty of userscripts is flexibility. Here are variations that solve specific pain points raised in this thread: ### 1. Block on Specific Fields Only (Not the Whole Page) For CRM users who still want 1Password on the login page but not on "Name", "Address", and "Phone" fields inside the app: ```javascript // ==UserScript== // @name 1Password Field Filter // @namespace 1password-control // @version 1.0 // @description Block 1Password on non-login fields only // Match https://crm.example.com/* // @grant none // @run-at document-end // ==/UserScript== (function () { "use strict"; const IGNORE_PATTERN = /name|address|phone|city|zip|state|company|title|email|fax/i; const maybeIgnore = (el) => { const hint = (el.name || "") + (el.placeholder || "") + (el.id || ""); if (IGNORE_PATTERN.test(hint)) { el.setAttribute("data-1p-ignore", ""); } }; document.querySelectorAll("input, select, textarea").forEach(maybeIgnore); new MutationObserver((mutations) => { for (const m of mutations) { for (const node of m.addedNodes) { if (node.nodeType !== 1) continue; if (node.matches?.("input, select, textarea")) maybeIgnore(node); node.querySelectorAll?.("input, select, textarea").forEach(maybeIgnore); } } }).observe(document.body, { childList: true, subtree: true }); })(); ``` ### 2. Suppress "Save This Password?" Prompts Only For YubiKey or OTP users where the password changes every time and 1Password's save prompt is the annoyance -- not the autofill itself: ```javascript // ==UserScript== // @name 1Password Save Prompt Suppressor // @namespace 1password-control // @version 1.0 // @description Block only the save/update password notification // Match https://vpn.example.com/* // @grant none // @run-at document-start // ==/UserScript== (function () { "use strict"; new MutationObserver(() => { document.querySelectorAll("com-1password-notification").forEach((el) => el.remove()); }).observe(document.documentElement, { childList: true, subtree: true }); })(); ``` ### 3. Auto-Submit After 1Password Fills Credentials For login pages where you always click "Sign In" after 1Password fills the form -- skip the extra click: ```javascript // ==UserScript== // @name Auto-Submit After 1Password Fill // @namespace 1password-control // @version 1.0 // @description Automatically submit login form after 1Password fills it // Match https://slowapp.example.com/login* // @grant none // @run-at document-end // ==/UserScript== (function () { "use strict"; const observer = new MutationObserver(() => { const user = document.querySelector('input[name="username"]'); const pass = document.querySelector('input[name="password"]'); if (user?.value && pass?.value) { observer.disconnect(); setTimeout(() => { document.querySelector('button[type="submit"]').click(); }, 300); } }); observer.observe(document.body, { subtree: true, attributes: true, childList: true }); })(); ``` ### 4. Help 1Password Recognize Non-Standard Login Forms Some legacy apps use weird field names (`usr_id`, `usr_pwd`) that 1Password can't detect. Fix them: ```javascript // ==UserScript== // @name Fix Login Fields for 1Password // @namespace 1password-control // @version 1.0 // @description Add autocomplete hints so 1Password detects login fields // Match https://legacy-app.example.com/* // @grant none // @run-at document-end // ==/UserScript== (function () { "use strict"; const userField = document.querySelector('input[name="usr_id"]'); const passField = document.querySelector('input[name="usr_pwd"]'); if (userField) userField.setAttribute("autocomplete", "username"); if (passField) passField.setAttribute("autocomplete", "current-password"); })(); ``` ### 5. Visual Indicator for Blocked Sites Add a small unobtrusive badge so you remember 1Password is suppressed on the current site: ```javascript // ==UserScript== // @name 1Password Block Indicator // @namespace 1password-control // @version 1.0 // @description Show a small badge when 1Password is blocked // Match https://crm.example.com/* // @grant none // @run-at document-end // ==/UserScript== (function () { "use strict"; const badge = document.createElement("div"); badge.textContent = "1P blocked"; badge.style.cssText = "position:fixed;bottom:8px;right:8px;background:#1a1a2e;color:#8b8ba7;" + "padding:4px 10px;border-radius:4px;font:11px/1.4 system-ui;z-index:99999;opacity:0.5;" + "pointer-events:none;transition:opacity 0.2s"; document.body.appendChild(badge); setTimeout(() => { badge.style.opacity = "0.2"; }, 3000); })(); ``` --- ## Summary Table | Script | What It Solves | Who Needs It | | ---------------------- | ---------------------------------------------------------- | ---------------------------------------------------- | | Full site blocker | 1Password appears everywhere on a site | CRM users, dashboard users, web app power users | | Field-level filter | 1Password icons on non-login fields (Name, Address, Phone) | CRM users who still need 1Password on the login page | | Save prompt suppressor | "Do you want to save?" on every OTP/YubiKey login | Security key users | | Auto-submit | Extra click after 1Password fills credentials | Anyone tired of clicking "Sign In" | | Field fixer | 1Password doesn't detect login fields on legacy apps | Users of older internal tools | | Visual indicator | Forgetting which sites have 1Password blocked | Anyone using the blocker scripts | --- ## Why This Works Better Than 1Password's Built-In Options | 1Password's Options | Limitation | | -------------------------------------- | ---------------------------------------------- | | "Hide on this page" | Session-only, resets on restart | | Disable "Show autofill on field focus" | Disables autofill on ALL sites globally | | Remove website URL from login item | Loses autofill on the login page too | | "Never save on this website" | Only affects save prompts, not the inline menu | **Violentmonkey scripts are:** - Permanent across sessions and restarts - Per-site with wildcard URL matching - Granular down to individual fields - Shareable with team members (just send the script) - Free and open source --- ## For Enterprise / Team Admins If you manage a team, you can: 1. Write the scripts for your organization's problem sites 2. Host them on an internal URL or GitHub gist 3. Share the install URL with team members -- Violentmonkey can install scripts directly from a URL 4. Scripts auto-update if you set `@updateURL` and `@downloadURL` in the metadata This is the closest thing to a centralized blocklist that's available today without waiting for 1Password to implement the feature natively. --- **TL;DR:** Install Violentmonkey, paste a script, edit the `@match` lines to your sites, save. 1Password is permanently blocked on those sites. No more session-only "Hide on this page" that resets every time you restart your browser.Snippets going away?
I finally got around to checking out the snippets lab feature, but I can't get it to work. I created a snippet item, but it doesn't get replaced even in something like Notes that I'd expect to be well-supported. Also, the Google Docs file: https://docs.google.com/document/d/1TjWdarf3XH_0vQWpU40Gv0Jk5_Gm49LGYjRDlP6svzQ/edit that's linked from the Settings window pane as documentation has been deleted. Is this feature dying on the vine? 1Password for Mac 8.12.2 (81202037)Confusing autofill UX with iframes
According to https://support.1password.com/browser-autofill-security/, the extension will not autofill credentials into forms hosted in cross-origin iframes (except for credit card fields). That’s expected and desirable from a security perspective. However, I ran into a situation where this leads to very confusing UX. Here’s the setup: A page on sitea.com embeds a login form from siteb.com using a cross-origin <iframe>. 1P has a credential saved for sitea.com, but not for siteb.com. When visiting the sitea.com page, the 1Password browser extension does show the inline menu for the saved credential, despite the form being pulled from siteb.com. But, the menu does not work: selecting the credential causes the menu to briefly disappear and then reappear, but nothing is filled. Presumably this is because of the cross-origin restriction. I noted that it's also in a closed shadow DOM, so at least siteb.com can't see the credential (though it can infer some things about it). Quick Access also shows the credential, but nothing happens when you select it. So autofill is correctly blocked, but the inline menu appearing inside a non-matching iframe creates confusion for the user. Same for Quick Access offering the cred but not filling it. Basically, it looks like 1Password's autofill is broken. When I ran into this issue this morning, I didn't catch what was happening right away and ended up emailing support about it, wasting their time and mine. Suggestion: It would be helpful if 1Password showed an explanatory message in this case. It could be in the inline menu in the case of the extension, or somewhere in the window in the case of Quick Access. Or it could be a message popped up when either autofill mechanism is triggered and fails. It doesn't have to be super-technical, but something to let the user know that autofill won't work with the site because of security limitations with the way the site is set up. The user might groan a little, but at least they won't try to plow ahead, get confused, contact support about it, and end up groaning anyway.
