Hello!
I've been using LP Premium for years, but this current issue has become more and more annoying as the sites using the online bank apps / passcodes for payment or identification are more common than ever.
In my country (Finland), the mobile bank codes are the default public site ID method, being one of the most secure ways to strongly prove identity, with a two to three phase process to log in or to pay, and all banks provide them by default, unless the customer declines them, or is under 15 (or 12, in some of the banks, often depending on an individual maturity assessment) years old. They're required for accessing the government sites (eg. the tax office, the employment services, the educational institutions and the national school entrance application systems, and the social insurance fund), most public services, healthcare providers' sites (both public and private organizations), and almost everything else online, at a minimum when registering to a service for the first time. In other words, I need to use them daily, sometimes several times a day, beside using the mobile bank app for the usual payments and account balance checks.
When using the (Android) mobile app and the LastPass inline fill is on, any site that requires registration, strong ID, or payment, and opens up the login window or redirects me to the usual third-party service which provides these logins for public sites, and handles payments on both government and commercial services, always gets a suggested password prompt. The prompt popup also always complains that there are no existing passwords for the site (Surprise! Who would insert the *single use* codes on a third-party service, even LastPass?).
In the vault settings, I've turned it off for all of my bank's websites and services. Yet, it keeps on popping up at every instance I use my bank codes on the mobile. (Even the desktop browser pages which use the mobile bank login or payment, may use the quick access function through the mobile app; this requires scanning a QR code and re-logging in through either the codes, or the device fingerprint scan.) Now, it also keeps on happening on the desktop browser (I use either Chrome or Brave, both on Android mobile and PC desktop). I don't currently need, or use the Windows desktop app.
The bank code entry site ought to be turned off by default, especially since the Terms & Conditions for the mobile / online bank codes include never handing the passcodes to a third party, and doing it forfeits the right to account and credit card securities for the customer. However, it seems to be impossible to consistently turn off for that site / those sites, at least in the mobile, and neither does it universally function in the PC desktop browser extensions.
I'm not sure if this is possibly a problem specific to my phone - it's an old Samsung Galaxy A21s, which so far, still remains compliant to the strict requirements of the bank service app, and the other secure apps I need to use in my daily life, and it's up to date both in regards to the OS and all of the relevant apps. However, since the problem / annoyance occurs also regardless of the browder, even if Brave admittedly is Chromium based, and even on desktop browsers (up to date and running on Win11 Pro 25h2), I wouldn't be so certain. It doesn't usually occur in the bank app itself, though. I can't recall whether I've turned it off in the settings, which still allow autofill prompts in some other apps, on purpose. I can't find the settings in the mobile app, but shouldn't they be universal, also extending to the mobile version and the desktop app, beside the browser extension?
I'm honestly annoyed by the recurring "No suggested passwords. Enter and save a new password for this site?" prompt (not here in verbatim, I can't recall the exact words), because the bank sites are on my "Never list." The mobile app, BTW, does not offer the function to add things to the list, and so far, I haven’t found it under the various menus in the prompt window. Neither can I always find it in the desktop browser extensions, even if it should be there. Sometimes it in the prompt window automatically suggests the option "Never allow suggestions on this site," but not consistently.
The bank's redirect site has a different default address: the normal site is "www.*****.fi" while the redirect site is "online.*****.fi" with exactly the same, omitted bank name. When trying to enter this alternate address to the Never list, the prefix "online" vanishes upon pressing Enter, so I presume that it must be redundant for the address. If it isn't, I guess we've found the problem.
Can you help me? Thanks.
PS. The weird character rows below are an example of what happens when beginning a new paragraph in the mobile browser (Android, Brave). The cursor jumps in the middle of the first word, then "eats" parts of the word and randomly inserts them at the end of the said word, without my doing anything special, while I'm still writing, and it occurs with every new paragraph begun. I decided to leave them in, in case you can fix the possible code issue.
CaC
n youCaC
