How credential injection works
Credential injection is the magic behind Blinkr. It allows you to log in to secure sites without ever typing—or even knowing—a password.
The Lifecycle of an Injection
When you visit a website, the Blinkr extension follows a strict security protocol before filling any data:
Domain Validation
Blinkr checks if the site's domain is on your organization's 'Allowed Sites' list.
Form Detection
The extension scans the page for username, email, and password input fields.
Secure Retrieval
If a match is found, the extension requests the encrypted credentials from the Blinkr server.
Injection & Masking
Data is filled into the fields, and the password field is masked to prevent accidental viewing.
Protecting the Password
Even after a password is injected, Blinkr applies several layers of protection on the web page:
Visual Masking
Blinkr swaps the input type and applies CSS security filters so the characters are never visible as plain text.
Clipboard Protection
The extension blocks "copy" and "cut" operations on injected password fields.
Multi-step Logins
Sites like Google, Microsoft, and HubSpot use multi-page login flows. Blinkr detects these and injects the email on the first page, then waits for the password field to appear on the second page before finishing the injection.
Injection not working?
Some sites use non-standard form layouts. If Blinkr doesn't detect a login form automatically, your admin can set a "Custom Selector" in the dashboard.
View troubleshooting guide