Jump to content
Enpass Discussion Forum

Do not trigger widget for autocomplete="one-time-code"


Sleepyhead

Recommended Posts

The Enpass widget popups for 2FA SMS inputs and will overlay browser 2FA autofill widget. I suggest that Enpass should not auto-trigger for input with autocomplete="one-time-code". If this input is for OTP from Enpass then this value would be in the clipboard after the login and thus should also not need the widget. So I don't see much value in showing the Enpass widget for this type of input?

Link to comment
Share on other sites

It is the Enpass Safari browser extension.

It is a generic issue. Many sites require SMS login in addition to username+password. So 2FA but with SMS. Enpass has stored an entry for the URL with username/password. But after the login there is a code input from SMS. This code input often has autocomplete="one-time-code" attribute on the HTML input. IMHO Enpass browser extension should not trigger for such fields. it is not a password field and Enpass does not have 2FA secret code stored for the URL entry. In such cases it is highly likely that the code is supplied with SMS. Thus Enpass should not auto-trigger for input fields with autocomplete="one-time-code".

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...