Add a reference number under password characters for websites that require 3rd, 7th, 12th character

Feature name

  • Add a reference number under password characters

Feature function

  • Some websites (typically banks) require only certain characters from the password (e.g. 4th, 8th, 12th) (see attached image)
  • Currently I have to manually count along my password to find the correct character
  • A UI change to show a number under the password would make this much quicker
  • It could be optional, such as by adding a tick box (see example image). Or maybe only showing the numbers when the user has clicked on the ‘eye’ icon.

That is a very good idea. I like it.

1 Like

I haven’t really seen any sites that ask for only specific characters.

7 Likes

Me too, and actually it looks a bit crazy to me to require users to count chars in their password in their head (as we all know that it is always better to not have it written anywhere in plain text).

4 Likes

One of my banks asks for specific characters out of a password. Which specific characters are asked for will vary with each login. A login now consists of username, password, specific characters and a number sent by text.

I have never bothered to try and find out how it decides which characters to ask for, but being done by a bank it will be simplistic, badly thought out and badly implemented.

If they were competent they would offer the far more secure option of a security key, but banks are fairly clueless about information security.

5 Likes

Although the real answer is for legacy banks to just stop asking these stupid questions, we all know this will take approximately eighty years. So in the meantime this feature in Bitwarden would be epic.

8 Likes

I also have a number of accounts where only certain characters from the password are required. Something I do that works about half the time (depending on how the site is coded) is store individual characters as custom fields. For example:

  • My password is EXAMPLE1
  • The site is coded so if they want characters 2, 4 and 8, the form fields are named “passwordChar2”, “passwordChar4” and “passwordChar8”. Check this by viewing the page HTML source.
  • I store custom fields called “passwordChar1”, “passwordChar2”, etc. with values ‘E’, ‘X’, etc.
  • When I’m asked for three characters from my password, I just click the account as normal in Bitwarden and the correct letters are filled in for me. In the example above, X - M - 1.

As I mentioned, this doesn’t work for all websites. Some don’t name the form fields this way, in which case having the character positions visible would be quite handy.

7 Likes
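The custom-field workaround from the post above, together with the numbered display this thread asks for, as an added example (not code from Bitwarden or from any poster). The function names are hypothetical; the `passwordChar` prefix and the `EXAMPLE1` password come from the post, and counting positions by Unicode code point is an assumption about how a site counts characters.

```javascript
// Added example; function names are hypothetical, sample values are constructed.

// Split into characters by code point, so an astral character (e.g. an emoji)
// is one position. password[i] would index UTF-16 units and count it twice.
function passwordChars(password) {
  return Array.from(password);
}

// Build the custom fields from the post: passwordChar1..N, 1-based.
function buildCharFields(password, prefix = 'passwordChar') {
  return passwordChars(password).map((ch, i) => ({
    name: `${prefix}${i + 1}`,
    value: ch,
  }));
}

// Map the form field names found on a login page to the characters they ask
// for. Names that do not follow the prefix+number pattern, or positions past
// the end of the password, resolve to null (the case where the trick fails).
function resolveFormFields(fieldNames, password, prefix = 'passwordChar') {
  const chars = passwordChars(password);
  const out = {};
  for (const name of fieldNames) {
    const rest = name.startsWith(prefix) ? name.slice(prefix.length) : '';
    const pos = /^[1-9]\d*$/.test(rest) ? Number(rest) : 0;
    out[name] = pos >= 1 && pos <= chars.length ? chars[pos - 1] : null;
  }
  return out;
}

// The requested display: each character with its 1-based position underneath.
function renderWithPositions(password) {
  const chars = passwordChars(password);
  const width = String(chars.length).length; // column width for the numbers
  const top = chars.map((c) => c.padStart(width)).join(' ');
  const bottom = chars.map((_, i) => String(i + 1).padStart(width)).join(' ');
  return `${top}\n${bottom}`;
}

console.log(renderWithPositions('EXAMPLE1'));
console.log(resolveFormFields(['passwordChar2', 'passwordChar4', 'passwordChar8'], 'EXAMPLE1'));
```

Fields generated this way go stale when the password changes, so they have to be rebuilt from the new password each time.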

That’s a great tip @danmullen and I’ll take a look at this sometime.

Update on my earlier post. Having thought about this (briefly) I suspect that the bank is using some variation of HOTP to specify the positions of the characters to be entered. Being a bank (and thus useless at IT) they use the ridiculously primitive text to send a TOTP code as the final stage. Being a Mickey Mouse form of communication [1] the texts sometimes don’t arrive. I then swear at them and try again later. IIRC it asks for the same positions in subsequent attempts.

[1] I’m feeling generous.

Update, tried this tip. It didn’t work for me :weary: but I’ll remember it for the future. Thanks again.

2 Likes

Programmers in all fields, with minor exception, have very little knowledge of what the customer has to do, let alone what the customer thinks about when trying to access such services. A few calls to the support supervisor or manager of the IT department may be a better option than adding the above.

Banksters don’t have the slightest interest in improving “the customer experience”. Programmers do what they are told to do in large organisations.

You are assuming that I have not suggested this to them.

Hi,

I think this is a good workaround if the website supports it. As you say, some websites don’t support it, but also it makes changing the password a bit of a pain.

Thanks for suggestion though. :slightly_smiling_face:

1 Like

The main place I have seen this is on banks (in UK) websites. Another example here:
[Image: bitwarden password]

I assume they thought it would be an extra layer of security: if someone’s computer has key logging spyware on it, it would not capture the whole password in one go.

Now they typically have two factor authentication, but they kept the random character requirement. I can imagine no one wants to be the person who “lowered” the security level (i.e. removed it) if something went wrong, so it gets left.

Interestingly other banks in some other countries (the ones I know of) don’t do this requirement and ask for the whole password each time, which does slightly worry me if some keylogging software infected my computer.

I think the best implementation of the solution would be to show the numbers only when the ‘eye’ icon is pressed, then it would not clutter the UI in normal use.

Fingers crossed people vote for this :crossed_fingers:

At least here we have an option to raise it up and get it noticed in front of the developers, much harder to do that to a faceless company.

6 Likes

I would love this function, this has my vote

3 Likes

Feature name: Large-type password

Feature function
What will this feature do differently?
It will show the password in large-type, with an overlay showing the position of each character in the password

Example:
For the password PASSWORD1 - see image below

What benefits will this feature bring?
Many websites ask for partial passwords (e.g: third, fifth and seventh character in the password).
This feature would make it much easier to see what characters need to be entered

An example is shown in the image:

[Image]

1 Like

Thanks, @vachan, and @el613 - I migrated the post here.

1 Like

Unfortunately many of mine don’t store it like this and I still have 10+ websites that I log into multiple times a day where I have to enter information like this :frowning:

Is this something like what everyone had in mind? feat: add hidden char count toggle by mkanavakatini · Pull Request #1780 · bitwarden/browser · GitHub

1 Like

I like how 1Password does it where you have a button to show large text and it has the numbers under it. This way you kill two birds with one stone, you get large text and the word count.

2 Likes

I’ve raised a PR for this feature here (feat: add hidden char count toggle by mkanavakatini · Pull Request #1780 · bitwarden/browser · GitHub) and updated the UI based on some suggestions from this thread. Feel free to let me know your thoughts.

I will note that I’ve only added this to the custom input section, not the default password input so that it doesn’t clutter the main view.

1 Like

Have you suggested to your bank that they are living in the 1980s and they should update to 2FA and stop with the convoluted nonsense?

2 Likes