Jump to content
Frank Niethardt

Password Extension: Fill on click instead of auto fill

Recommended Posts

We are currently evaluating Passwordstate for roll out.

 

The Password extension is great, but I think it would be better, if you have the option to turn off auto complete, as it sometimes tries too hard to fill forms. Furthermore you don't have the option to decide which account should be used for some form. Maybe you have access to a global admin account, but want to use a personalized account instead?

 

Better is to click some button or press some key shortcut to fill the form. I think of the way like Enpass does it, if you don't mind to try it out.

 

Cheers

Share this post


Link to post
Share on other sites

Hi Frank,

 

Thanks for your suggestion - we appreciate it.

 

If there are duplicate accounts for a sight, the extension icon should turn yellow for you, and the you can click on it to select which account you want to use to login.

Regards

Click Studios

Share this post


Link to post
Share on other sites

+1 to Frank's suggestion.

 

There are lots of times where the browser extension fills in forms that I don't want it to fill in. A common example is when looking at the 'settings' page in a device's web gui... there might be fields to enter a new password and fields to enter a notification email address along with other configurable device settings. The browser extension will often try and fill those password and email address fields, even though I don't want it to. I've taken to opening those pages up in IE to avoid the issue.

Share this post


Link to post
Share on other sites

Hey all, I happened across a good example of an undesired auto-fill today. This is the settings page for our Barracuda email device, which has fields to set the address of the outbound SMTP host and username/password fields for the Barracuda to authenticate with that SMTP host. The PasswordState plugin sees those username and password fields, and fills them in with the credentials I have saved to log into the Barracuda web GUI... which of course is not what should be in those boxes.

 

Having an option to only fill a page after clicking the PS plugin icon would solve this situation.

 

BadAutofill-Example.thumb.png.174471ab457238dd42c94236f912352e.png

Share this post


Link to post
Share on other sites

Yes, please! 

 

What  @GregSmid  said happened to me constantly.  I disabled the browser extension for that very reason.  Several times, I was configuring an important server via web GUI and PasswordState overwrote important information because it thought it was supposed to auto fill.

 

Until there is a better autofill method, I will continue to keep my passwords in two places.  In PasswordState, because it is shareable with the powers that be, and Enpass, because no other password manager that I have ever used does autofilling as well as they do.  I can set a key combo in the browser extension to autofill on key press, and it just works.  They also have a setting that will allow me to use the base domain of any url.  Meaning that when entering a new login record for the ClickStudios forum, instead of entering   https://www.clickstudios.com.au/community/index.php?/login/   as the URL, I can simply enter   clickstudios.com   and when I press my key combo (Ctrl + /), it will autofill correctly, every single time.

 

Please put resources into this!  I cannot take full advantage of the intense power of PasswordState until I have a faster and easier way of entering credentials.

Share this post


Link to post
Share on other sites

Thanks for your request Daryl. We'll let everyone know once we've found the time to work on this, and thanks for your patience till then.

Regards

Click Studios

Share this post


Link to post
Share on other sites

Hey Greg and Daryl B,

 

We're looking into you feature request for you, but can you confirm if you have the following settings for us:

  • You only specify the Base URL field on the password record - screenshot 1 below
  • On the browser form fields tab, are the login field names specified? If using our extension to save the logins, then hopefully it detected them okay - second screenshot below
  • And in the 3rd screenshot below, this setting will not attempt to form fill any fields in the fields on the 'Browser Form Fields' tab are empty

These seems to work for us, and will not form fill fields once inside your web application, but the only exception to this would be if the fields names inside the application are named exactly the same as the login screen - I hope that makes sense?

 

browser1.png

browser2.png

browser3.png

 

Regards

Click Studios

Share this post


Link to post
Share on other sites

I have not tested it, but I would guess that would probably work. 

 

That's not really the point though.  Suppose I update my SonicWall device firmware, and SonicWall has taken the pains to redesign their login form and name the fields something different.  Now I have to remove that record and re-add it. 

 

Or suppose I navigate to the settings page on my SonicWall, which allows me to change the password.  Here there are three fields:  Old Password, New Password1, New Password2.  Old Password will autofill itself, and while New Password1 & 2 may not, I'll get an error saying the new password cannot be blank.  In order to save my changes, I'll have to clear out the password fields.

 

These are the things that people who have systems depending on them can't handle.  We can't have things changing that we're not planning for.  We need tools that are stable, predictable, and just work.

 

PasswordState as a whole is all of those things.  But putting the autofill control into our hands would make it even more so.

Share this post


Link to post
Share on other sites

Hey guys,

 

The vast majority of our saved passwords were not created with the Browser Extension, so they mostly don't have anything filled out on the Browser Form Fields tab. I'd be willing to do some testing with getting those filled out and changing the 'Attempt to fill web sites...' setting if I could change that setting at the user level, but I can't just turn it off at the system level since it'll affect the way the product works for our entire user base.

Share this post


Link to post
Share on other sites

Hi Guys,

 

We are documenting the next round of features for the browser extensions, and we will include this. Darly B, I was posting this information as a work around until we can develop the features you're requesting.

Regards

Click Studios

Share this post


Link to post
Share on other sites

Just adding a +1 for this, as I'm having to disable the Passwordstate extension whenever I browse to our Duo Security admin panel - Passwordstate tries to autofill the 'email' and 'password' field on the admin user page, which isn't a login page. I've set the login page explicitly in the URL field for the password entry, but it still detects other pages.

Share this post


Link to post
Share on other sites

Thanks Mark - we're definitely going to be working on this, and are documenting the new features we want next week.

 

It will take a while to achieve though, as all browser extensions need to be updated - unfortunately there's not a lot of standards between all the browsers.


Regards

Click Studios

Share this post


Link to post
Share on other sites

As a work-around while the new browser plugins are being developed, I've taken to simply duplicating the password entries in PasswordState for those pages where auto-fill is a problem. That way the PS browser plugin sees multiple entries and turns yellow waiting for you to choose one, instead of just filling in the form.

 

Greg

Share this post


Link to post
Share on other sites

+1

Reason: Sometimes the extension fills other fields which are not my logon fields. E.g. I work with a ServiceNow which is running in the browser. There are loads of fields and if a field accidentaly matches the id, it get filled, which can lead to problems when I submit the form then (data get changed unintended). My current workaround: specify in the URL field in Passwordstate the path to the logon form of ServiceNow (/logon.do). The extension is then only running on the logon form.

Share this post


Link to post
Share on other sites

Hey Everyone,

 

Just a quick message to say we are very close to releasing a beta of our new Chrome extension.  Possibly in the next couple of weeks, and this feature is in the new version:)

 

We'll be announcing the beta release on Social Media soon, and we'll report back here to, and you are all welcome to test it out.

 

Thanks again,

Support.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×