Jump to content
Enpass Discussion Forum

Recommended Posts

Posted

The Enpass widget popups for 2FA SMS inputs and will overlay browser 2FA autofill widget. I suggest that Enpass should not auto-trigger for input with autocomplete="one-time-code". If this input is for OTP from Enpass then this value would be in the clipboard after the login and thus should also not need the widget. So I don't see much value in showing the Enpass widget for this type of input?

Posted

Hi @Sleepyhead,

Thank you for taking out the time to share your valuable feedback. In order to investigate it better, please share the following details:

  1. Share the details of the Enpass version, OS information, and Website URL
  2. Are you using a store version or a website version of Enpass?
Posted

It is the Enpass Safari browser extension.

It is a generic issue. Many sites require SMS login in addition to username+password. So 2FA but with SMS. Enpass has stored an entry for the URL with username/password. But after the login there is a code input from SMS. This code input often has autocomplete="one-time-code" attribute on the HTML input. IMHO Enpass browser extension should not trigger for such fields. it is not a password field and Enpass does not have 2FA secret code stored for the URL entry. In such cases it is highly likely that the code is supplied with SMS. Thus Enpass should not auto-trigger for input fields with autocomplete="one-time-code".

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...