Already have passQi on your iPhone?
Drag the button on the right, and drop it onto the bookmark bar of your browser -

Show me!

Detect Login Help

Detect Login

The Detect Login screen is displayed when a login page has been scanned and it is not recognized either as existing in the Vault or in the passQi cloud database of known sites, and the structure is too complex for passQi to reliably infer it.

In order to correctly insert the username and password fields into a page for authentication (login), the specific HTML fields and their internal identifiers must first be determined and associated with the login URL. This information will be relayed to the browser along with the encrypted username and password each time a login sequence is initiated using the browser bookmarklet. passQi uses several methods to determine this; a scan by the bookmark detects common cases, and previously-scanned pages can get their analysis results from the cloud, simplifying new site enrollment for subsequent users. However, some pages require inspection and analysis by the app.

What the Detect Login Screen does

The URL of the target login page is loaded into a web view within the passQi app, and the structure of the page is examined. The forms and input fields within the page are identified, and each input field is decorated with a unique color, which makes it possible to visually identify a specific field.

For each ‘form’ (set of input fields with a ‘submit’ or ‘login’ button) within a page (often on login pages, there is only the login form itself, or sometimes two, the other form typically being a search form in the page’s header or footer).

After loading the page and performing an analysis of it, a panel with a set of large colored fields, tagged with icons representing either the username field or the password field, will appear from the bottom of the screen.

If passQi has correctly tagged the display fields with the right icons (i. e., the color of the field tagged with the user or password icons matches the color of the actual username and password fields on the page), then tap YES to continue and use the results of this page analysis (you will next be prompted to enter your username and password). If there are more than one "forms" in the page, and the guessed form appears incorrect, tap NO and the next form will be displayed. Once past the first form, a BACK button will allow you to back up; NO moves you forward again through the list until reaching the last form; If none of the forms seem to match, the Unable to Recognize Login Fields dialog will be displayed after the last possible form is rejected.

Forms with One or Three Input Fields

Some login sequences will have either multiple pages with only one field (one for username, one for password) — this is typical of bank logins. Other pages may have a third field for some form of extra information. These types of forms may also be accepted, and the application will handle accordingly.

Note that if login takes places across more than one page for a given site, each page will be treated as a separate Login and will be stored individually in the Vault, and logging in will require that you click the bookmarklet twice, once for each page. Note also if you are creating a user record with only a password field, you will still need to enter a username as account name, although it will not be used for logging in.

Unable to Recognize Login Fields

For a variety of reasons, some page forms cannot be recognized; this will generate an alert message offering a couple of options. The first is to try and re-load the URL again with a slightly different set of parameters; this may sometimes work. Tap Refresh to re-evaluate the page.

Some pages have their login fields "hidden" and require you to first click a "Login" link — this doesn’t reload a page, but causes a pop-up dialog to appear. For these types of login forms, you will need to click the "Login" link as well, and then reanalyze the page.

It is also possible that a page different than the login page will be loaded, but which has links which can navigate you back to a login page inside the app’s web view. Following these links, it may be possible to navigate back to the login page.

(In this case, an element such as a cookie was missing when the page was re-loaded into the web view; navigating to the login page establishes the “expected conditions” for the site.)

Finally, if passQi is unable to determine the correct field information, you may save the password anyway in the passQi vault. passQi will not be able to automatically log in using these, because it was unable to recognize the login page, but you can still store the password securely and it will be relayed to the browser when the page is recognized; passQi will store such pages with a “default template,” which cause the username and password to be relayed into an iframe inside the login page (rather than into the form itself), where you may manually copy and paste them into the form. Sometimes the bookmark can determine this requirement in advance, for example when a login form is inside of an HTML "iframe" tag, and will set this style of login as the one associated with the site.

The URL of unrecognized page will be anonymously relayed to the passQi cloud system for future analysis and product improvements. Failed URLs may (possibly) be manually updated in the cloud in future, allowing them to be recognized automatically and used in authentication when they have been added. Check the passqi.com site for listings of sites added to cloud.

Unlinking A Recognized Page

Sometimes pages change, and what worked previously no longer does. To unlink a page from a password – and thereby trigger re-analysis of the page – you can go to the account detail screen from the Vault by selecting the specific site, and tapping the right arrow on the site page image. This flips the panel and lists all of the urls associated with the account; left-swipe and delete a given url, and it will not longer be automatically recognized. If an (incorrect) cloud recognizer is attached, you can then tap "reanalyze" on the page which links the URL back to the account when it is first re-scanned.

Pages with Content Security Policy

Some pages have a security mechanism applied known as "Content Security Policy" which will not permit the passQi bookmark to attach itself to a login page session. In this case, the bookmark signals the application to use the "Cut and Paste" template, which will relay the login information to a separate window, where they can be copied and pasted into the login page.