Closed ghost closed 5 years ago
This requires website-specific logic, something that might be worth doing for popular websites. Any sites that you have in mind? Amazon recently switched to a new login flow, that's the biggest issue I am currently aware of. Microsoft login flow (includes live.com and various other domains) is also problematic.
I spot it on a few non-popular sites. Probably it's not worth creating site specific rules for them if no general solution is available.
Could you list them nevertheless? Having this kind of flow on a small website is rather unexpected, unless they installed a generic solution which for some reason considers splitting login into multiple steps a good idea.
They're mostly financial related sites, examples: https://nettbanken.nordea.no/login/ https://ro.unicreditbanking.eu/en/login_form https://retail.santander.co.uk/LOGSUK_NS_ENS/BtoChannelDriver.ssobto?dse_operationName=LOGON https://www.pekao24.pl/ClientLogonUK.html
Maybe not small but very geography-dependent. Many banks are using some security-by-obscurity techniques which like to piss-off password managers. Anyway resolving it case by case doesn't scale.
unicreditbanking.eu is actually the typical scenario - both username and password fields are present on the page, the latter merely being hidden initially. It probably works out of the box, or maybe it will with minimal changes.
Bank Pekao is very "special" as it also features a password input method which might work with our partial passwords fill-in but I wouldn't bet on it.
The other two should be doable, maybe I can figure out some heuristic for such websites that will work in most cases without requiring special code.
Other high-profile websites that are using this:
There are also a lot enterprise cloud services where you enter your user name on the cloud providers page and are then taken to your organization's (i.e. company/school) log in page.
On https://paypal.com login autofill does not working right now.
Yes, sknorr mentioned it above already. Amazon also had this split login process for a while but gave up on it apparently.
Ok, the heuristic I have is now:
This works really well on unicreditbanking.eu. Still good but slightly less so on paypal.com because it won't focus the email field automatically, so one has to click it. santander.co.uk and send.firefox.com split the login process to two different pages, so you have to click "Fill in" again once you arrive on the next page (or copy the password manually, because send.firefox.com sends you to accounts.firefox.com which is off limits for Firefox extensions). And on pekao24.pl you have to click the client number field first, then "Fill in," then on the next page "Fill in" again (which actually works, despite partial password input).
Noticed that Yandex is also affected by this issue. The new heuristic deals with it correctly without any further changes.
Not sure it makes sense to write this into a closed issue but I found two pages which are not yet properly handled by this system:
In addition, amazon.de have regressed to using the split login. However, Amazon at least works ok, as in: I have to auto-fill twice (user name, then password) but auto-fill works both times.
[1] shortened code for SAP, with spans, divs, labels and input[type=hidden] removed:
<form autocomplete="off" role="form" action="/saml2/idp/sso/accounts.sap.com" accept-charset="UTF-8" method="post">
<fieldset>
<input autocomplete="off" name="j_username" placeholder="E-Mail, ID, or Login Name" type="text">
</fieldset>
<button role="button" type="submit">Continue</button>
</form>
[2] code for Apple is weird because they seemingly use custom elements instead of a form:
<apple-auth>
<sign-in>
<input type="text" id="account_name_text_field" can-field="accountName" autocomplete="off" autocorrect="off" autocapitalize="off" required="required" spellcheck="false" placeholder="Apple ID" autofocus="">
<input type="password" id="password_text_field" required="required" can-field="password" autocomplete="off" placeholder="Password" tabindex="-1">
<input type="checkbox" id="remember-me">
<button id="sign-in" tabindex="0" disabled="">Continue</button>
<button id="sign-in-cancel" tabindex="0">Close</button>
</sign-in>
</apple-auth>
Some sites are using different pages for login and password fields (within same url). At first page you provide login and on second one password. In that case auto-fill of login always fail as extension can't find password field and you have to copy it manually (filling password field on next page works).
Is there anything pfp can do to improve the workflow in such case?