Add a reference number under password characters for websites that require 3rd, 7th, 12th character

Ha! As an expat in the UK, I wholeheartedly agree. UK banks seem to be doing their best to force users to make their passwords as insecure as possible and it’s becoming more and more common here…

Thanks for doing this @mkanavakatini! I do think that providing this functionality for the main/default password field (just as 1Password does) as well would be beneficial for a lot of users though. It would be more cluttered if the user wanted to take advantage of this but had to create an additional and unnecessary custom field just to do so.

P.S. As a fellow UK-resident, I’m eagerly awaiting the implementation of this since a number of my banks - NatWest and Lloyds to name two - insist on me entering specific characters each time I log in, and counting the little characters of my large and complex passwords in Bitwarden is a real pain!

1 Like

PR updated!

image

3 Likes

That’s awesome @mkanavakatini !! :+1:

That’s brilliant, @mkanavakatini, thank you! It’d be incredible if the team could get this feature out in the next release, since this + the upcoming additional item types will make Bitwarden pretty much perfect for my needs :grin: (tags, drag and drop, archiving, sort by last edited/created, vault health reports on mobile, and an Apple Watch app would be very cool, but I can live without them… :wink: )

Just to add to my post further up this topic…

…I have discovered that many more sites are capable of working in this way. I usually check the names of the character form fields and, if they are named “char1”, “char2”, etc., I add them as custom fields. The problem has always been where the form fields aren’t named that way.

Yesterday, I found that you can use the label text rather than the form field ID or name, e.g. “Please enter the fourth digit from your passcode”. In this way, I’ve been able to set up a few online banking vault entries to log in completely automatically, rather than requiring me to enter particular characters.

1 Like

Has anyone been able to get autofill working with NatWest’s online banking by any chance? Using ‘1st,’ ‘2nd’ etc (the labels) seems to allow autofilling - with a catch. The issue is that the login page asks for certain characters from both an online banking ‘PIN’ and a separate ‘password,’ and they both use the same labels…!

I don’t have a NatWest account so I can’t see that form - could you have a look and post exactly what the labels and IDs are for those form elements? Perhaps copy and paste a block of HTML.

In case it helps, you can use any of the following HTML attributes as the custom field “Name” for autofilling:

  1. HTML form element’s id attribute.
  2. HTML form element’s name attribute.
  3. HTML form element’s corresponding label value.
  4. HTML form element’s aria-label attribute.
  5. HTML form element’s placeholder attribute.

Source: Custom Fields | Bitwarden Help & Support

1 Like

Is there any update on the PR - it looked like we were so close to getting that feature and then it all went quiet?

Doesn’t asking for specific characters from a password require that website to store passwords in plaintext on their servers in order to validate what the 1st 5th and 6th character are?

I am amazed that in this day and age, when so many companies are reporting breaches that expose customer data such as passwords, that any company is still storing passwords in plain text instead of hashing (one-way encryption) them. Especially banks! One breach of a site like this and, instead of taking years to crack the hashed passwords, they have instant access to every single customer’s account no matter how long and random a password is.

While this feature is indeed useful for such sites, I kinda hope people will contact the companies that use this type of login and request that they hash their users’ passwords. You cannot just have security on the customer side, they need to use secure techniques on the server side as well.

2 Likes

Hi @zexpe, we’ve left feedback on the PR which needs to be addressed by @mkanavakatini before we can merge it. You can keep an eye on progress here: feat: add hidden char count toggle by mkanavakatini · Pull Request #1780 · bitwarden/browser · GitHub.

1 Like

Hey all, sorry had covid then Christmas so fun times. Will set some time aside to clear this in the near future!

4 Likes

How to check it if it in mobile app

You will want to set this up in your PC browser, not the mobile app.

Currently only in browser but there was some PR chat on me helping bring this to other platforms. Was thinking I can sit on it for a few weeks post release, get some feedback from the community, then look to expanding it from there :smiley_cat:

1 Like

@mkanavakatini I really appreciate the offer! Our designers are working on wireframes for the other clients and I was going to ask whether you’d be able to implement them, so excellent timing :slight_smile: There’s no need to wait until after the March release, I’ll send the designs to you (via PM) as soon as they’re ready.

2 Likes

Nice, looking forward to them! :ok_hand:t4:

1 Like

I really need help and even bitwarden not qork qith me in android brawser with bank like HSBc

Do you know why

Hi Thomas,

Could you please help me in my issue