The Auto-login 2.0 release is going well so far. But we’ve found some special cases when you might prefer version 1.0. So we have added the option to switch between versions.
When Would This Be Useful?
First case. The new Passpack It! button works well on Firefox 3+. However certain plugins, for example NoScript, may cause it to fail. Auto-login 2.0 release uses iframes as a sandbox to avoid Cross-Site Scripting (XSS), yet NoScript blocks all code running in iframes. There’s no fix for this. So, if you are a Firefox-NoScript user, you will need to switch back to the older version. Other plugins or settings may cause similar problems.
Second case. On Chrome 2 and Safari 4, the new Passpack It! button works sometimes, but not always. For this reason, Auto-login 2.0 release is not activated by default. However, if you really want to, you could try the new version.
The option to switch is available under Auto-login > Install your button. Scroll down to the bottom of the page, and read the instruction. You can always reverse this action if you want.
Want To Help Test?
Naturally, if you would like to help us complete testing Auto-login 2.0 on browsers that we have not officially supported yet – use this option to force Auto-login 2.0 and let us know how it works.

The Auto-login 2.0 release is going well so far. But we’ve found some special cases when you might prefer version 1.0. So we have added the option to switch between versions.

When Would This Be Useful?

Example 1: The new Passpack It! button works well on Firefox 3+. However certain plugins, for example NoScript, may cause it to fail. Auto-login 2.0 release uses iframes as a sandbox to avoid Cross-Site Scripting (XSS), yet NoScript blocks all code running in iframes. There’s no fix for this. So, if you are a Firefox-NoScript user, you will need to switch back to the older version. Other plugins or settings may cause similar problems.

Example 2: On Chrome 2 and Safari 4, the new Passpack It! button works sometimes, but not always. For this reason the Auto-login 2.0 release was not activated by default. However, if you really want to, you could try the new version.

The option to switch is available under Auto-login > Install your button.  Scroll down to the bottom of the page and read the instructions. You can always reverse this action if you want.

Want To Help Test?

Naturally, if you would like to help us complete testing Auto-login 2.0 on browsers that we have not officially supported yet – use this option to force Auto-login 2.0 and let us know how it works.

7 Comments

  1. Erik

    Disabling NoScript is not a real option for me. Please post a new blog entry when there is some sort of workaround.

  2. Francesco

    @Erik
    There is a work around, you need to use the older version of the button. Please read the second paragraph under “Example 2″ for instructions.

  3. Paul

    There’s no fix for the noscript interoperability? Can’t it be addressed in the Anti-XSS Protection Exceptions? Will the 1.0 button remain indefinitely?

  4. Hi Paul,
    We tried a combination of Anti-XSS and whitelisting, but it’s not enough. Passpack options are in double nested iframes which load Passpack.com content on any website. It’s the iframe limitations that ultimately block the popup from fully loading:

    http://noscript.net/faq#qa4_8

    If you’re able to play with the settings and get things working – please let us know. We haven’t managed.

    I don’t know if auto-login 1.0 will be around forever, but it’ll be here for a while to come (it’s the only option for IE6).

  5. The 1.0 button doesn’t work with my bank. I was hopeful that the 2.0 button would work.

    I would think that most Passpack users are security conscious. Therefor, some significant percentage of them are probably NoScript users as well. If the 1.0 button has an uncertain future and there is no interoperability with NoScript moving forward, this is starting to look like a deal killer. :(

    And I had such high hopes for Passpack. It solves the problem of keeping multiple machines in sync that is present with KeepassX.

  6. Francesco

    Hi Paul.
    There is actually a way to make the Auto-login 2.0 release compatible with NoScript. But there would be some issues in implementing it. If possible, I prefer to mantain the double-iframe structure.

    However I understand. I have already contacted Giorgio Maone of NoScript. He is Italian like me so… that makes it easy! I’m sure we will find some sort of solution.

  7. Erik

    Thanks for the updates. I agree with Paul, most Passpack users are going to be a bit more security conscious then the general population.

    I look forward to a solution!

Leave a Reply