Feature Request: Partial password support

Hi,

I'm increasingly seeing sites turning to requesting only *some* characters from your password when you login. I guess the logic is that online brute-force attacks can be foiled by a retry limit, and that social/phishing attacks are a bigger vulnerability for a lot of people than actual password compromise. Anyway, this is obviously frustrating because it means I can't get 1Password to autofill passwords for these sites. I don't suppose there is any chance that you guys could have a go at supporting these kinds of forms? I'd be happy to have to turn this feature on manually for a particular URL/domain. Beyond that there seem to be a range of different options.

At the crazy pie-in-the-sky end of the range it would be great if the extension could read the page and see if there were single-character listboxes with labels containing ordinals (1st, 2nd, 3rd etc) and work out that these were asking for characters from the password saved for that site.

At the other extreme, if that sounds a bit too fragile and complicated, then perhaps some sort of user-assisted approach might work? Not sure how to streamline the UI for this, but even at a very crude level, having the option to fill a particular field with a character based on a manually supplied index would be an improvement on having to display the password and count characters by hand!

I'm sure there are other options in between as well.

Cheers,

Lucian

Comments

  • khadkhad Social Choreographer

    Team Member
    It would be nice if these companies realized that they are not adding any substantive security benefit and actually just hindering customers who are doing the right thing by using 1Password. But I don't know that we can convince them of this. They seem to always come up with the silliest and least convenient security theater to thwart their customers who are actually using good security measures.

    It's definitely a tricky puzzle to solve. We've had some different ideas in the past, but I can't promise anything specific for the future. I'll certainly pass your vote for this along to the developers.

    One of the best ideas I've seen for now is to store the passwords with numeric markings in the notes field. Here's an example as a Secure Note:

    skitched-20121224-170211.png


    Happy Holidays!
This discussion has been closed.