Not Prompted for Password

Hi tda2806 

Thanks for posting and welcome back to the community. Apologies for the online sign in issue.

Have you tried the tips in the screenshot, a familiar device, ensuring no VPN etc?

Best,

I asked AI to analyse the code on the login page WRT Chromebooks here's what is ahs to say:

Here's a breakdown of potential issues:

1. Content Security Policy (CSP) and unsafe-eval / Nonce:

• Code: <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-eval' 'nonce-CkAsHyTu90SombQV';" />
• Issue: While nonce is a good security measure, the presence of 'unsafe-eval' in the script-src directive can be a concern. Chromebooks are often used in educational or enterprise environments where security is paramount. Relying on unsafe-eval means the page is vulnerable to XSS (Cross-Site Scripting) if an attacker can inject code that then uses eval().
  • Chromebook Context: Chrome OS and its browser are built with strong security in mind. While this CSP is technically valid, unsafe-eval could be flagged in security audits and is generally advised against if possible, especially for critical login pages. A more robust CSP would aim to eliminate unsafe-eval entirely.

2. Older jQuery Version:

• Code: <script src="assets/scripts/jquery-3.5.1.min.js"></script>
• Issue: jQuery 3.5.1 was released in May 2020. While it's functional, it's not the latest version. Newer versions of jQuery often include performance improvements, bug fixes, and security patches.
  • Chromebook Context: Modern Chrome browsers are constantly updated. Running older JavaScript libraries might occasionally lead to minor performance inefficiencies or compatibility issues with very new browser features, though it's unlikely to cause a critical failure. Keeping libraries updated is a general best practice.

3. Dynatrace RUM Agent (ruxitagentjs):

• Code: <script type="text/javascript" src="/ruxitagentjs_ICA7NVfghqrux_10307250124095659.js" ...></script>
• Issue: This script is for Dynatrace RUM (Real User Monitoring). While not an "issue" per se, it adds an external dependency and can contribute to page load time and resource usage.
  • Chromebook Context: Chromebooks, especially lower-end models, can have limited CPU and RAM. Excessive JavaScript, particularly from monitoring tools, can consume resources and make the page feel less responsive, impacting the user experience. It's essential that such agents are optimized to be as lightweight as possible.

4. Hardcoded URLs and Environment Checks:

• Code:
  • 'page_location': 'https://oauth.virginmedia.com/oauth/email_entry',
  • "pageUrl": 'https://oauth.virginmedia.com/oauth/email_entry' + window.location.search,
  • "environment": (window.location.hostname.indexOf('.dev.') == -1) ? "prod" : "dev",
• Issue: While common for analytics and debugging, hardcoding parts of URLs and relying on hostname checks (.dev.) for environment determination makes the code less flexible and potentially brittle if the deployment strategy changes.
  • Chromebook Context: This isn't a direct Chromebook issue, but a general development practice concern. It highlights that the deployment environment is tied into the client-side code, which can be problematic for large-scale or continuously deployed applications.

5. Web Authentication API (WebAuthn) Implementation:

• Code: window.IsWebAuthnSupported = function IsWebAuthnSupported() { ... }, window.isWebAuthnPlatformAuthenticatorAvailable = function isWebAuthnPlatformAuthenticatorAvailable() { ... }
• Issue: The page checks for WebAuthn support and platform authenticator availability. Chromebooks generally have excellent WebAuthn support, often utilizing built-in biometric sensors (fingerprint on some models) or security keys (like YubiKey via USB-A/C).
  • Chromebook Context: This is a positive aspect for Chromebook users, as it allows for strong, passwordless authentication. The implementation looks standard. The timeout of 1000ms for isUserVerifyingPlatformAuthenticatorAvailable is a reasonable check to prevent indefinite waits if an authenticator isn't present or responsive.

6. Touch/Mobile Detection for iOS (navigator.userAgent):

• Code:
  • var iOS = /iPad|iPhone|iPod/.test(navigator.userAgent) && !window.MSStream;
  • if(iOS) { document.getElementById("forgot-email-tag-ios").style.display="inline"; ... } else { document.getElementById("forgot-email-tag").style.display="inline"; ... }
• Issue: This code specifically targets iOS devices to show different "forgot email" links, potentially to handle iOS-specific browser quirks or deep linking.
  • Chromebook Context: Chromebooks run Chrome OS, which is based on Linux and uses the Chrome browser. They are not iOS devices. This if (iOS) block will always evaluate to false on a Chromebook. Therefore, the else block will always execute, showing the non-iOS links. This is generally expected behavior, as the code is designed to differentiate. The "issue" isn't that it breaks, but that the iOS-specific code paths are irrelevant for a Chromebook. If there were any optimizations or specific UI/UX elements intended only for iOS that differ significantly from the "else" branch, Chromebook users wouldn't benefit from them.

7. Double Click Prevention on Sign-On Button:

• Code:
• $(document).ready(function(){ $('.ping-button-username').dblclick(function(e){ e.preventDefault(); }); });
• Issue: This prevents double-clicking on the "Continue" button (.ping-button-username). This is a good practice to prevent multiple form submissions if a user clicks rapidly.
  • Chromebook Context: No specific issue. This is a robust web development pattern.

8. Email Validation Regex:

• Code: var emailformat = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
• Issue: This is a common and generally robust regex for email validation on the client side.
  • Chromebook Context: No specific issue. Client-side validation improves user experience by giving immediate feedback, regardless of the device. Server-side validation is still essential for security.

9. Broken HTML Comments and Legacy JavaScript Comments:

• Code:
  • ``
  • ``
  • `` (typo "forto")
  • ``
• Issue: Minor syntax issues in HTML comments (-> instead of --> for Ping Protect jses) and potentially confusing commented-out blocks. Using language="JavaScript" is also an older attribute, though browsers ignore it now.
  • Chromebook Context: Purely cosmetic/code hygiene issues. Will not affect functionality on a Chromebook.

10. onformchange Attribute (Deprecated/Non-Standard):

• Code: <input id="identifierInput" type="text" ... onformchange="inputfieldEmail();"/>
• Issue: The onformchange event is not a standard HTML event and is generally not supported across browsers. While some frameworks or custom implementations might polyfill it, relying on it directly is unreliable. It's likely intended to react when the form's state changes, but it's much safer to use standard oninput or onchange events on the input field itself, or to delegate events.
• Chromebook Context: Chrome browsers will likely ignore onformchange. The inputfieldEmail() function is therefore probably never called via this attribute. The blur event listener added later (identifierInput.addEventListener('blur', function(event) { return errorValidation(event); });) handles validation when the input loses focus, which is a more standard approach. This indicates potentially redundant or ignored code paths.