Enter characters 3, 6 and 10 of password

I'm seeing more sites using this style login (mostly financial or investment sites).

1Password doesn't seem to have any way to deal with this, but it would be a great feature if it could at least attempt to parse the text and autofill. Without this there's a danger it encourages people to use a simpler password, just so they can fill the characters from memory (yet they are typically the sites you need to be as secure as possible)

It's made even less usable by the fact the Reveal button is so fiddly (on OSX and Chrome extension), although Im sure it didn't used to be.
Maybe right-clicking the asterisked password could be used as a reveal shortcut?

Thanks


1Password Version: 6.8.8
Extension Version: 4.7.0.90
OS Version: 10.12.6
Sync Type: Dropbox keychain

Comments

  • LarsLars Junior Member

    Team Member
    edited March 2018

    @carpii - We're sympathetic to the plight of those forced to work with sites with such security theater practices, but I urge you to direct your requests to the sites in question. Ask them to change their password/sign-in policies. This particular bit of security theater provides slim, debatable additional benefit against a very narrow range of threats (just one, actually: keyloggers on the user's machine), while actually reducing security for many other, more prevalent types of threats. Since we've already got a way for users to both reveal their password and the Large Type feature shows the character-position count under each character (and given that the number of sites that force users to jump through such hoops is still relatively small), I don't see us altering our setup to accommodate this. Have you had a chance to use the Large Type feature yet? If not, give it a try; let us know what you think!

  • As the previous user has say, the Reveal button is fiddly to use. The same goes for the Large Type button. A keyboard shortcut would make these two feature much more useful.

  • brentybrenty

    Team Member

    Thanks for the feedback! I'm not sure how discoverable a keyboard shortcut would be, but we'll see what we can do to make the multiple options for password fields more user friendly. Cheers! :)

  • carpiicarpii
    edited April 2018

    I did start using the large type feature, it's better than what I was doing previously, but still quite cumbersome

    Another idea to consider would be to improve the big-type dialog which pops up.

    Perhaps it could allow you to click on the character positions and it will populate that character into the browser, then tab to the next field. This would be a really awesome improvement (clicking outside the popup would dismiss it as it does now).

    I do acknowledge that sites which use this sort of security would be far better off using a conventional username/password procedure.
    But the notion that I can persuade a large financial institution to reconsider their login process.. well I'm sure you can understand that's never going to happen :(

  • brentybrenty

    Team Member

    @carpii: I disagree on that last point. I've seen plenty of companies change their password policies over the years, and you may find this blog post both interesting and useful:

    An open letter to banks

    While you may feel powerless — we all often do in these cases — remember that you're their customer, and you're probably also not alone in your feelings about their "security" measures. It never hurts to let your voice be heard, and when others do the same that can help make a difference too.

    Regarding your suggestion, it's an interesting idea. It's just not something that's possible in the browser currently. Perhaps it will be in the future, but it's (mercifully) not such a common practice so I'm not sure that we could justify developing functionality just for this specific case. It's something we'll continue to evaluate though. And I'm glad that Large Type helps in the mean time. :blush:

  • Any updates?

  • ag_sebastianag_sebastian 1Password Alumni

    Hi there @CashMc,

    There aren't any updates, as it's not something we can make much progress on. :( If your bank requires you to type in specific characters, I'd like to suggest contacting that bank, just as brenty suggested

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file