Suggestion: Save login info not registration info

dominik

<div class="IPBDescription">(was: Enhance registration process detecton on websites...)</div>It's obvious that 1Password toolbar pops up in the browser when you register on a website and click "Register" (Submit). What actually happens if you save such login is that 1Password will store all of the unnecessary registration bloat, while you actually need only the login and password. Sometimes it can be really a lot of bloat (and the database grows up to 5 times faster depending on how often you register). The second problem is that such saved login may not actually work, because the URL and the form may be completely different from the actual login/homepage.



I constantly try to go around this problem by:



1. Fill my registration details

2. Generate a password with 1Password

3. Submit the registration

4. Cancel the 1Password's question about storing the login

5. Go to the homepage right after I register

6. Paste last generated password

7. Log in AND store the login in 1Password now



Not very convenient to say the least.



I was not aware of the problem before and I have many sites/logins saved which either 1) don't work correctly or 2) have a lot of bloat stored in them.



Maybe it would be useful to provide an automated way to remove unnecessary data from all logins -- besides login name and password -- to optimize the database (I know it can be made manually though). Or when saving a login, have an option to come up with a window which allows us to check-mark which form data we don't want to save and match the homepage URL.



Just thinking out loud...

cdenesha

[quote name='dominik' timestamp='1281542449' post='8248']

It's obvious that 1Password toolbar pops up in the browser when you register on a website and click "Register" (Submit). What actually happens if you save such login is that 1Password will store all of the unnecessary registration bloat, while you actually need only the login and password. Sometimes it can be really a lot of bloat (and the database grows up to 5 times faster depending on how often you register). The second problem is that such saved login may not actually work, because the URL and the form may be completely different from the actual login/homepage.



I constantly try to go around this problem by:



1. Fill my registration details

2. Generate a password with 1Password

3. Submit the registration

4. Cancel the 1Password's question about storing the login

5. Go to the homepage right after I register

6. Paste last generated password

7. Log in AND store the login in 1Password now



Not very convenient to say the least.



I was not aware of the problem before and I have many sites/logins saved which either 1) don't work correctly or 2) have a lot of bloat stored in them.



Maybe it would be useful to provide an automated way to remove unnecessary data from all logins -- besides login name and password -- to optimize the database (I know it can be made manually though). Or when saving a login, have an option to come up with a window which allows us to check-mark which form data we don't want to save and match the homepage URL.



Just thinking out loud...

[/quote]



Wow.. I've been doing the same thing for the same reasons! I actually log out after step 4, but I think it may be implied, since there wouldn't be a place to paste the login password otherwise.



Wait, you use the homepage as the URL? Doesn't it have to be the Login screen URL? I think I tried the homepage and there weren't fields for login on it so it didn't work. Unless the home page is the kind that already has the username and password boxes! Not all do, many force you to click to log in.



Good Q.



chris

dominik

Actually I log out after step 4 too, just forgot to mention it. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />



You're also right that mostly it's a login page, not the homepage (but sometimes the homepage works too, depending on the site).



It makes sense to do it the way we're both doing, but it's a little inconvenient. I have to admin though that I don't have any suggestion for an ultimate solution.

ameeps

[quote name='dominik' timestamp='1282154886' post='9103']

Actually I log out after step 4 too, just forgot to mention it. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />



You're also right that mostly it's a login page, not the homepage (but sometimes the homepage works too, depending on the site).



It makes sense to do it the way we're both doing, but it's a little inconvenient. I have to admin though that I don't have any suggestion for an ultimate solution.

[/quote]





I've been doing this forever too...

khad

I had not even realized that I was using 1Password for Mac like this until just now. It became habit. The problem is that 1Password can only interact with pages you load. In order to register with a site, they usually take you to a separate page. I know I have seen sites that combine this into a single page but couldn't find one with a quick Google search. That, of course, only puts the onus on site designers and does nothing to solve the problem. From a 1Password standpoint, I can't see how better to do this.



Suggestions?



Bueller?

Jeremy R Young

I think khad is probably right to say that it would be difficult to do things better in the program BUT the help files could do much better in explaining this. At present they ignore the problem so people have to learn for themselves. What is needed is a nice clear explanation of the workflow in the 3 minute guide.



Also the dialog box which appears asking if you want to save a log-in could include a reminder (1) not to save if you are on a site registration page; (2) to check that the log-in has worked.



Jeremy

[Deleted User]

[quote name='Jeremy R Young' timestamp='1282644403' post='9674']

I think khad is probably right to say that it would be difficult to do things better in the program BUT the help files could do much better in explaining this. At present they ignore the problem so people have to learn for themselves. What is needed is a nice clear explanation of the workflow in the 3 minute guide. [/quote]



That's a very valid point, we do need to improve the documentation in this area, it's interesting though, a lot of sites I visit have had very few problems when I've saved the login from the registration page, that doesn't mean it's not an issue, just noting my own experience.



[quote] Also the dialog box which appears asking if you want to save a log-in could include a reminder (1) not to save if you are on a site registration page; (2) to check that the log-in has worked.



Jeremy

[/quote]



I'm not sure how this would work exactly, but I'll certainly pass it along to the developers to see if this is something we could incorporate.



Thanks again for the feedback everyone, it's great to have such an active community who are as passionate to see 1Password improved as we are <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />

Belushi

I second that something needs to be done about this, as it is the one thing that prevents 1Password from really being a seamless experience. Here are two different solutions to this issue that I can come up with:



1) Some logic could be implemented into 1Password that would, upon saving a login from a registration page (as determined intelligently by the number and types of fields populated), parse the recorded URL to find the base-level homepage for the particular domain. It would then either look for an element directly on the homepage containing the login fields--in which case its work is done--or traverse the links on the homepage to find the correct login link (i.e., URLs or hyperlink text containing words like "login," "log-in," "log on," "sign in," "sign-in," etc.). Upon finding the link, it would navigate to it and accommodate for any redirects from the original link, as well as check to make sure the final landing page is both encrypted (a good sign that it's actually the login page) and contains the proper fields for login. If it does, this login page would be the URL saved to the 1Password entry, along with just the username and password fields extracted from the original registration page. Obviously, all this would be done in the background and be transparent to the user.



Additionally, as a security measure, any login entry that derived its URL in this way should be handled in the following two special manners: It should be highlighted in 1Password in a warning color along with a prominent explanation of why (as well as appearing in a separate sidebar category for "Uncomfirmed" logins or similar); and it should, upon the first time being used with Go & Fill, display an alert to the user explaining that this page was automatically determined and require a second step confirming that it's the right login page before filling in the info. If the user instead navigates to a new page before telling 1Password to fill the info, simply modify the URL for the 1Password entry to match this new login URL (or throw up a question asking if the user would like to do this).



Finally, 1Password should be relatively loose with what domains it recognizes a login as belonging to, so that if the user ever navigates to the login page manually and it doesn't match what 1Password has stored, 1Password will still recognize it as belonging to that domain so the user can still fill in the login info, and 1Password will subsequently modify the URL stored for that entry to match the new login URL. This has the added advantage of letting 1Password automatically adapt if a login page moves or changes.





2) Alternatively, instead of the above, somewhat complex way, of handling this issue, it could simply be handled as it is now, but 1Password could be made more intelligent in adapting to the user's actions (as well as being looser in matching login entries with domains). For instance, if a user saves login info from a registration page, 1Password would behave exactly as it does now, saving the registration page as the URL (although, 1Password still could be more intelligent in only saving the username and password fields from the registration page rather than every field). However, when the user subsequently returns to a page on the same domain (not using Go & Fill, but manually) and then commands 1Password to fill his login info, the page the user does this on is recorded as the new login URL, replacing the existing URL in the relevant 1Password entry. In this way, 1Password appears to the user to be "intelligent," automatically adapting to his behavior.



And in the event that the user requests Go & Fill [i]before[/i] navigating manually to the login page at least once and having 1Password fill in the info, this can be handled in the same way as described above in the first solution, asking the user to confirm that it's the right page and, if not, having him navigate to the correct login page before confirming with 1Password he wants to fill in his login details.



Hopefully one of these solutions will be amenable to the 1Password development team, because it's an issue that really needs solving and is the one thing standing in the way of 1Password becoming truly intuitive and seamless to use. Thanks for listening and for a great product!







Jonathan Richmond

eeljazz

I just came to the forums to post about this exact problem. What a coincidence that I'd find it being the 3rd topic from the top in the 1Password 3 section of the forum!



This has been bothering me for ages as well. A very simple first step toward a real solution would be to give us a "delete all items without checkmarks" button in the item edit view inside 1Password's window. This way, we can hit "save" even when registering and then, over in 1Password's application window, find the right entry and just hit one button to clean up that entry. What I do now, after saving a password in Safari, is to open 1Password, find the login, hit ⌘+E, then hover my mouse pointer over the little red delete button on the left on the item just below the two with check marks.. and then repeatedly delete until only username and passsword are left.

Now THAT's tedious.. especially if you want to clean up your entire database of logins..



Are you guys still looking into this?

cdenesha

Wow, that was a detailed suggestion Jonathan!



I kind of like the automatic cleaning of the Login page idea, as long as there is no chance of a hijacking to a phishing page. Don't see how it could really, but thought I'd mention it quickly.



If the 'delate all but checked' idea gets implemented, perhaps we could have the option to check certain records to keep, then 'Delete the Rest'. I say this because I actually found a login page with a checkbox that I want unchecked when I submit, but always seems to be checked when I come back to the site!



thanks,



chris

dominik

I'm really glad to see (as a starter of this topic) that more people feel the same about it.



I guess 1P developers will come up with some sort of solution sooner or later (later more likely than sooner).