Allow picking certain characters on autofill


#1

Some websites, particularly banks, require 3 or 4 specific characters of the password to be entered. Eg 4 8 and 16.
Often these are different password input fields and the auto fill will put the entire password in each box. I have to view the password and count the characters to figure out what needs typing.

KeePass has a feature for this called Pick Chars


#2

Please provide an example web page where you encounter the problem :slight_smile:


#3

Probably quite hard to provide an example URL, as these pages are usually presented after you have entered a name and password. But it’s a widely used technique, especially by banks. Surely a developer has an account with this kind of login?

It’s an important issue for usability though, I didn’t know you can do it in KeePass. LastPass doesn’t have it, you have an opportunity to go one better!


#4

Here is an example with the barclays.fr site:

The 1st page is standard login/password form which is smoothly managed by bitwarden.
The 2nd page waits for two random letters from an additional “secret word”. Unfortunately as it marked as a “password” field type, bitwarden wrongly automatically fill it with the full standard password.

login field:
<input … type=“text” data-com.agilebits.onepassword.user-edited=“yes”>

password field:
<input … type=“password” data-com.agilebits.onepassword.user-edited=“yes”>

and on the 2nd page, the secret word field:
<input … maxlength=“2” type=“password” data-com.agilebits.onepassword.user-edited=“yes”>

the page URL is the same for the two pages, so it’s not easy to discriminate between both


#5

Metro Bank has the same, and it’s even doubled! I tried to deal with it using custom fields, but I don’t think it’s doable.

This part:
<input id="Pass1_QUE_89907D559BB331AD501200" class="Pass_QUE_89907D559BB331AD501200 seed-pass-text" maxlength="1" type="password">
So, this time Pass1 is for 3rd character from right password.
But next time, Pass1 field might be for 2nd character.

In other words, I haven’t found a way to associate unique id/class with character digit.

And right password is even more rubbish:

Basically, days when I could ctrl + shift + L to my bank’s website are gone. I hate them all, except Monzo. Monzo has a magic link, magic link is friendly.


#6

Thanks for providing examples everyone, as RickJ said, you often only get to these pages after entering a valid user name. Apparently I’m too new of a user to post lots of screenshots and links so I’ll give each example separately if it lets me

Nationwide

The only example I know of where you can see this is Nationwide with Log in using my Memorable Data selected, you have to start typing into the Customer Number and Memorable data (basicaslly just one of 3 different passwords) before it shows you which 3 digits of the passnumber to enter. This one isn’t so bad as the passnumber is 3 digits and Bitwarden does enter the Memorable data as a password but not the Customer Number as the username.


#7

Santander

After entering the customer number here you are presenting with a screen shows a user selected image and phrase for your verification and then 2 separate partial password entries
image

These are all 6 password entries and so Bitwarden will put the full password in all 6 boxes


#8

First Direct

This one is particularly annoying because the online banking opens in a separate popup (top right of page here, you are then asked for 3 characters of a password and the answer to a question, so another password. Since it is a popup window, I don’t have access to the Bitwarden extension anyway (in Chrome at least).

image


#9

Lloyds Bank

Finally the Lloyds Banking Group (Lloyds, TSB and Halifax, all have basically the same website), you are presented with a normal login screen where Bitwarden works as expected here but you are then asked to select 3 characters from a password using drop downs
image


#10

@Andrew_Jackson I totally understand your pain (and thank you for more examples, I know what banks have awful login screens now, so I’ll stay away from them, lol). I’m still not sure how BW could match particular digits with bank’s entry form. Based on what I could see on Metrobank, it’s written as a text (easy for human), but html for a box is always the same, form 1, form 2, form 3, not form 1 for character 3, form 2 for character 5, form 3 for character 7.

It might be different for your banks and they do ‘form 2 for character 5’ thing), but then it’s doable with custom fields already.

I would love to have easier access, but I have to admit, banks are NOT making it any easier for password managers… :sob:


#11

I don’t think there’s any suggestion that BW should be able to pick the correct characters by itself. But it could provide an easy way for the user to pick specific characters from their keyword.

E.g. if my keyword is 8 letters long, then whenever the current field is length 1, BW would present a widget allowing me to select a number between 1 & 8. I still have to cursor into the field, and see the page asking for “letter 3”, but all I have to do is pick “3” in BW, and it puts the 3rd letter into the field.

This is still far easier than having to remember the keyword, and count on my fingers to work out the correct letter!

Would this be do-able?


#12

Yes, I was expecting the user would have to say which character is required but bw could then autofill just that character from the password.

If the field length is not reliable to identify this could it be a setting in the password entry, “This website uses partial passwords” checkbox?


#13

Signed up to add to this.

I understand the problems around the filling part but, as RickJ says, perhaps just showing the subset. I appreciate it’s another button on your fantastically clean UI but would be extremely helpful

Password safe shows a possible method

Capture