Can 1P fill out selected characters from password?

Options
EAPTCB
EAPTCB
Community Member
edited November 2015 in iOS

Hi everyone, I think I may have asked something similar before, but that was regarding bank transactions on an unusual secure site.

Anyway, I have just renewed my vehicle breakdown cover and to access my account I need my username and selected charecters from my password. How can I get 1P to 'recognize' what the 'first character' of my password is, and then say, the 'fourth character' etc as in the photo below?

I have included a screenshot for more information.

Comments

  • Ben
    Ben
    edited November 2015
    Options

    Hi @EAPTCB,

    Thanks for taking the time to write in with this. At present 1Password does not have the logic built in to be able to handle this type of login. It doesn't have any code in place to pick out the Nth character of your password and then fill that character into the appropriate field.

    I've previously asked our developers if this is something we could implement in the future, and without saying "yes" or "no" some of the considerations are:

    1. There is no standard for this kind of login. Each website that does it may do it differently from any other website. Essentially we would likely need to write code for each website we wanted to support, which gets unwieldy quickly. Also consider that even after we've gone to great lengths to write site-specific code there is nothing stopping the web developers of those sites from updating something on their end, breaking our support. It gets very impractical very quickly.
    2. We don't necessarily want to encourage websites to take this approach. There is, perhaps, a secure way of doing this, but consider: how does this website know what the Nth character of your password is? How are they storing your password such that they can figure that out? In some cases this means your password is being stored insecurely (e.x. in plain text). In addition to that concern, this is what we might call "security theater." It is designed to give the appearance of enhanced security without actually providing any real benefit to the end user. It presents one of those problems where it creates additional difficulty for legitimate users, but provides no real additional challenge to a computer trying to break in.

    So the long and short of it is that this is not something we're going to be able to tackle right away. On iOS we have the Large Type feature which can assist with determining the Nth character of your password for manual filling into such a form.

    Thanks!

    Ben

  • EAPTCB
    EAPTCB
    Community Member
    Options

    Thank you or the detailed explanation.

    It's such a shame really that particular websites chose this kind of logging in system. Ironically, they are trying to 'act' like they are being extra secure with your credentials, but actually you are forced into choosing a week password which you can remember and count on your fingers! If I used 1password to generate a 32 length random password I would run out of fingers (and toes!) to count on :)

  • Ben
    Ben
    Options

    You're very welcome! I'm sorry it isn't exactly the answer you were likely hoping for.

    It's such a shame really that particular websites chose this kind of logging in system.

    Indeed. :)

This discussion has been closed.