Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What If Password Autofill Won’t Work?

Password vaults are supposed to make things easier. What do you do when they don’t?

Password vaults are sometimes unable to auto-fill fields. There are several ways to work around this.
Frustrated Login
(Image: canva.com)
Question: I’m finally using a password vault. The problem? It won’t fill in on some sites, so I find I have to remember those passwords anyway. What’s the point?

You don’t have to remember those passwords.

There’s one scenario that’s important to understand, as your password manager may be keeping you more secure by not auto-filling.

But it happens at other times as well. Fortunately, there are several workarounds that don’t require you to remember anything other than your password vault’s master password.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

Password autofill won't work?

Website design occasionally prevents password vaults from automatically filling in information. More rarely, if your password manager won’t auto-fill, it may be a sign of a phishing attempt. In either scenario, workarounds allow you to initiate the auto-fill or copy/paste the information manually.

The problem

The idea with password vaults is that when you visit a website requiring a sign-in, the password vault software — usually a browser extension — notices, looks up that site in your password vault, and automatically fills in the information for you. All you have to do is notice the fields were magically filled in and click OK. Sometimes you don’t even need to do that; some vaults click OK for you.

Occasionally, however, you’ll land on a sign-in page and nothing will happen. What then?

Danger, danger!

Pay attention when nothing happens. Why? Because it can happen due to a phishing attack.

Say you happen to click on a phishing link that looks like it goes to PayPal but doesn’t. When you land on the site, you’ll see what looks like a PayPal login, but your vault won’t fill anything in.

Password vaults operate by matching the URL that your browser has gone to. The issue may be that the URL in the phishing link doesn’t match what your vault expects. Your vault probably expects something like “https://paypal.com”, but if the link is something like “https://paypal.com.somerandomservice.com”, it won’t match.

Hence, it won’t fill in.

The most important thing to do when your vault doesn’t fill in automatically, especially if it normally does, is to make sure you’re at the site and URL you think you are.

Other issues

The more common cause of this issue is that there’s no standard sign-in form. What looks to you and me as standard User Name and Password boxes you need to fill in can be designed by the web developer in a wide variety of ways under the hood. Your password vault needs to figure out all the under-the-hood stuff so it enters the right information in the right place.

Sometimes, it just can’t figure it out. That’s not the vault’s fault; it’s the fault of the website using convoluted, non-standard sign-in procedures.

Some websites even do it on purpose. In a misguided effort to be more secure, they attempt to prevent password vaults (or any automation) from being used at all.

Fortunately, where there’s a will, there’s almost always a workaround.

My examples

The examples I’ll use here are all from 1Password, but the concepts should apply to most password vaults that normally auto-fill for you. Different password managers may be stymied by different websites and expose the features I’m showing you in different ways, but the ideas should be the same.

I occasionally encounter this problem when signing in to Google/Gmail, so I’ll use that as my example. Again, the concepts should be similar to what you’d encounter on any website for which your password vault isn’t auto-filling.

Option 1: Use the 1Password icon in the entry form

When you have the 1Password extension enabled, you should see a small icon in the right-most spot on a username or password field. The icon is a tiny version of the 1Password icon.

Google sign-in asking for email or phone.
1Password extension symbol. (Screenshot: askleo.com)

You’ll note that 1Password has not automatically filled anything in.

Click on the icon.

1Password dropdown list of available accounts.
(Screenshot: askleo.com)

1Password presents a drop-down list of the accounts it has that match this URL. In this case, there are several entries (note the scroll bar on the list). Clicking the entry in the dropdown list will usually automatically fill the field with the account credentials associated with that entry.

Option 2: Copy/paste from the 1Password icon in the toolbar

If clicking on the entry doesn’t work, there’s another step.

Click on the 1Password icon in your browser’s toolbar.

1Password Toolbar Icon
1Password icon in a browser toolbar. (Screenshot: askleo.com)

You may need to “manage extensions” in your browser to make the icon visible.

This will drop down a 1Password window with a number of options.

1Password Toolbar Drop-down
Clicking on the browser icon reveals vault entries that relate to the URL you’re visiting. (Screenshot: askleo.com)

Clicking on any of the accounts listed on the left will update the information shown on the right. It will also display an “Autofill” button (upper right in the image above) that attempts to automatically fill the associated credentials on the currently displayed sign-in page.

More importantly, if you click on the username (“askleotest@gmail.com” above) or the password, that item will be copied into the clipboard. You can then click on the associated sign-in field and paste the information in. You might need to do this twice, once for the username and once for the password.

Note: several seconds after 1Password auto-fills something, it empties the clipboard to prevent passwords from being left in potentially visible places. If you try pasting something and nothing appears, try again with less delay.

Option 3: The 1Password app

You can use 1Password anywhere, in any browser, without installing extensions at all (though I do recommend the extension for convenience — you’ll find links to it at the 1Password website).

1Password Windows App
1Password Windows app. Click for larger image. (Screenshot: askleo.com)

In the example above, I’ve searched for “google” and selected the “askleotest@gmail.com” entry. Much like the extension drop-down, the right pane contains information about that account’s credentials. Clicking on the username or the password copies either to the clipboard, which you can then paste into its respective field in your browser.

This is the approach I end up using most.

It turns out to be the only solution when I need to sign in to an application or program — such as when I configure an email account in a desktop email program.

As you can see above, the desktop app also has an “Edit” button. I find this the easiest place to make manual changes or to add secure notes to an entry.

A word about mobile

Everything I’ve described above works on mobile to some extent. Given the different levels of permissions required and the security that both iOS and Android systems are attempting to implement, the individual steps may seem somewhat more convoluted and subject to frequent change.

Most often I open my vault on my phone and copy/paste entries into whatever app or website I’m trying to sign in to. This is essentially the mobile version of option 3 above.

Do this

The most important thing to do here is not give up. If your password vault can’t, doesn’t, or won’t automatically fill in sign-in fields for you, look for and take advantage of the workarounds I’ve listed above or others. This allows you to continue to use your password vault and benefit from the improved security it enables.

While you’re at it, subscribe to Confident Computing, my weekly newsletter. Less frustration and more confidence, solutions, answers, tips — and workarounds — in your inbox every week.

Podcast audio

Play

Footnotes & References

1: Some sign-in pages disable right-click, which is one way to access the paste command. If it doesn’t work, click in the field and see if typing CTRL+V or SHIFT+Insert will paste.

11 comments on “What If Password Autofill Won’t Work?”

  1. I hate it when websites disable “paste” in the password field. It doesn’t happen at login very often, but I still run into it occasionally during a new registration.

    Reply
  2. Good tips, because this does happen, and it is frustrating. However, I’ve read that one of the values of a password manager is that it doesn’t autofill on a phishing site because it doesn’t match the URL in your vault. Maybe you could revise the first step for what to do if your password manager doesn’t auto-fill. I’d start with: Back-track and check your risk for phishing potential in reviewing what brought you to the login site. Is it legit?

    Reply
  3. Less than a month ago, my password manager wouldn’t sign me into my email when I got one of those “please sign in again” popup webpages as happens regularly. I was puzzled until I checked the popup’s url. I was being phished. I closed the page and ran a full system malware check. Nothing found.

    Reply
  4. I’ve learned mostly to live with the limitations of autofill, using the methods you’ve outlined here. But one of the more frustrating lapses is when I login to my bank’s website. There, 1Password fills in my password automatically, but refuses to autofill my username. So I always have to copy and paste the username. Any idea why it’s doing this “selective” autofilling?

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.