Any thoughts on multiple page passwords and selective character entry forms?

I'm happy using a password manager. It's taken a long time for me to make the switch.

However, there are more and more multiple page passwords and forms where for example 3 random characters from my 15 character password are required.

Are any features coming in 1Password to address these?

For example, I can imagine that there are several standard patterns (page1:password, page2:3 chars or page1:password and 3 chars from password 2 etc) . 1Password could accommodate a set of patterns and maybe an ability to create more using a simple XML-based specification. Each website could attach a pattern and the password entry creation template in 1Password could reflect the pattern. When you use the pattern the page could be interactive and 1Password could populate the appropriate character fields after prompting the user for the 3 chars to enter.

Dunno, just throwing ideas but something would be better than nothing...

Comments

  • khadkhad Social Choreographer

    Team Member
    Thanks for asking about this, mekondelta.

    It is not an easy nut to crack, but it is something we have definitely been looking at. You can already set up 1Password to handle multi-page login processes, but random character selection presents an entirely different challenge. If the characters were consistent, it would be pretty trivial. However, there is not an easy way to know which characters the site is requesting each time and parse the password to determine which ones need to be filled.

    I will certainly pass your request along to the developers, though.

    If we can be of further assistance in the meantime, please let us know. We are always here to help!
  • dancodanco Senior Member Community Moderator
    I have (for instance) a 16 character password on a site that asks for random characters.

    My 1PW entry list the password in groups of five with a space in between groups.

    That way I can easily look at my password and see what the characters needed are. It would be better if 1PW could enter random characters itself, but at least this way makes it easy to read off the tenth character of sixteen, which would be hard with the password having no spaces.

    If I am not expressing myself clearly, I use
    ABCDE FGHIJ KLMNO P rather than ABCDEFGHIJKLMNOP
  • khadkhad Social Choreographer

    Team Member
    Ah, yes. Adding a note to the item can help with this too. You can even number each character. It isn't perfect, but can be helpful for those annoying sites. Something like this:


    01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16
     p  p  8  E  =  n  1  E  B  p  i  )  0  V  N  N
    
  • If I get a little time I'm going to code up a Chrome extension demo to demonstrate what I'm talking about. Can't promise but a good excuse to learn how to write browser extensions! :-)
  • khadkhad Social Choreographer

    Team Member
    Please share a link when you do. :D
  • Penelope PitstopPenelope Pitstop Junior Member
    edited September 2012
    I had to abort a credit card transaction today because of making two mistakes on entering random characters from a string generated by 1PW. I had to edit the password as danco indicated to avoid the third and final mistake that would have locked me out of using my credit card.

    Would it be possible to have an optional display mode for some items that automatically number each character as Khad showed or split the password into groups of five numbering the start of each group?

    I think that would be really useful.
  • khadkhad Social Choreographer

    Team Member
    I think that could definitely be useful in the situations where it is required. I have to say, I don't normally come across this very often in my own usage but I am sure that some folks see it constantly depending on what sites they frequent. The trickiest part would likely be a sane and helpful UI that isn't cluttered or confusing to folks who don't need it.

    I don't have any specific news on this front, but it something we have looked at here and there. I'm pretty sure that if Apple, Amazon, Facebook, or one of the big players ever implemented such a scheme it would force our hand a bit, but for now we've been busy frying bigger fish (or should that be "phish?").

    It's definitely on our "nice to have" list, though!
  • Penelope PitstopPenelope Pitstop Junior Member
    edited September 2012
    khad wrote:

    I think that could definitely be useful in the situations where it is required. I have to say, I don't normally come across this very often in my own usage but I am sure that some folks see it constantly depending on what sites they frequent. The trickiest part would likely be a sane and helpful UI that isn't cluttered or confusing to folks who don't need it.

    I don't have any specific news on this front, but it something we have looked at here and there. I'm pretty sure that if Apple, Amazon, Facebook, or one of the big players ever implemented such a scheme it would force our hand a bit, but for now we've been busy frying bigger fish (or should that be "phish?").

    It's definitely on our "nice to have" list, though!
    It's more common than your experience leads you to believe. MasterCard SecureCode is just one "big player" example. All my internet banking accounts require it too.
  • khadkhad Social Choreographer

    Team Member
    edited September 2012
    Thanks for that data point! I should be clear that my post above was only about my own personal experience and in no way indicative of everyone's (or even the experience of just the team here). Just adding my two cents. This is definitely on our radar. :D

    I have accounts with Charles Schwab, Fidelity, Bank of America, Chase, Capital One, American Express, ING Direct, Sallie Mae Bank, Wells Fargo, and Citibank which, while certainly not exhaustive does cover a pretty wide range of some of the top players. None of them employ such a technique.

    Just out of curiosity, do you have the URLs where you are seeing this? It might help persuade the devs if I have some more data to pass along to them.

    No promises, but it can't hurt. :)

    Cheers,
  • Penelope PitstopPenelope Pitstop Junior Member
    Hi Khad,

    URLs are a bit tricky. I've PMed you.
  • I'd love to see this feature too. It makes logging into a my bank a real hassle, and I hate having to reveal the entirety of my password. Just a simple text box that allows me to specify a comma separated list of the character indexes I want to reveal (in an arbitrary order - that's a new thing now 5th, 1st and last character) or copy to my clip board would be great.

    Thanks,

This discussion has been closed.