Do not trigger widget for autocomplete="one-time-code"

[Sleepyhead]

The Enpass widget popups for 2FA SMS inputs and will overlay browser 2FA autofill widget. I suggest that Enpass should not auto-trigger for input with autocomplete="one-time-code". If this input is for OTP from Enpass then this value would be in the clipboard after the login and thus should also not need the widget. So I don't see much value in showing the Enpass widget for this type of input?

[Manish Chokwal]

Hi @Sleepyhead,

Thank you for taking out the time to share your valuable feedback. In order to investigate it better, please share the following details:

1. Share the details of the Enpass version, OS information, and Website URL. 
2. Are you using a store version or a website version of Enpass?

[Sleepyhead]

It is the Enpass Safari browser extension.

It is a generic issue. Many sites require SMS login in addition to username+password. So 2FA but with SMS. Enpass has stored an entry for the URL with username/password. But after the login there is a code input from SMS. This code input often has autocomplete="one-time-code" attribute on the HTML input. IMHO Enpass browser extension should not trigger for such fields. it is not a password field and Enpass does not have 2FA secret code stored for the URL entry. In such cases it is highly likely that the code is supplied with SMS. Thus Enpass should not auto-trigger for input fields with autocomplete="one-time-code".

[Manish Chokwal]

Hi @Sleepyhead,

I appreciate your response. I have shared it all with the concerned team for further investigation. Meantime, your patience is highly appreciated here. 

SI-2692