Auto-fill specified characters of passwords

this is reeeeally dumb.

There is no point in doing this polynomial math to avoid storing the user’s 3 characters since a hacker could steal the b values for all users and try every ASCII value until the correct value appears in nanoseconds.

when your password is reduced to 3 characters and stored with extremely computationally simple math, you might as well store it plaintext.

It’s about the same as using ROT13 and calling it “cryptography”

You might find this of interest: https://crypto.stackexchange.com/questions/43775/how-can-you-extract-individual-characters-of-an-encrypted-string-such-as-a-passw

I see this quite often and would suggest a slightly easier option.
Can we have a field or option that will automatically add the index number to the string so that it is easier to see what nth character is.
I know it falls short of the auto fill option but it would make it easier to use manually and is another benefit of using Bitwarden as a password manager

Example
1 2 3 4 5 6 7 8 9 10 11 12
T h 1 s : I S p a s s w

Character 7 = S
Character 9 =a
Character 11 = s

2 Likes

That would certainly be useful! Especially for long passwords.

I came here to suggest precisely this index. With really long passwords, it’s really a pain to identify, say, characters 8, 16, 24. I often have to copy the whole password in clear text to notepad and count columns, which creates a vulnerability. I can’t imagine how hard it must be for people with dyslexia.

Even better, we could enter 7, 9, 11 in BW and it would return S, a, s. Easier and this way we won’t even have to make the password visible on the screen.

In the UK practically every bank I know uses this, and I risk being locked out every time because I fail to enter the correct characters 2-3 times.

1 Like

It usually works as @DarkStar said. I’ve seen this in Poland, UK, and Germany. This is a common practice, and passwords are not being stored in plain text. And now it always comes with 2FA, at least in my bank. If you don’t want to add this functionality, at least add small numbers above or under each password character as the option. This small feature will help us a lot. At this point all password managers are useless on this kind of sites.

2 Likes

1Password has the exact feature you’re describing (showing 1, 2, 3… under each character). This would be incredibly useful in Bitwarden since my experience with U.K. banks has been the same as many other’s in this thread (the ‘please type the nth character of your memorable word’ is very very common over here).

Of UK banks I use, the following request nth character to login

  • Natwest
  • TSB
  • halifax

Santander do not do this.

so 75% of my banks require nth character login.

I would really appreciate numbered passwords in bitwarden interface as others have suggested. We are premium payers and find bitwarden great in general.

Thanks

1 Like

I’ve had a workaround for this for a long time which is massively inelegant where I wish there was a tiny bit of support from the password manager: I use the ‘notes’ field to record the secret phrase and then on a separate line I number the characters:

m Y p a 5 5
1 2 3 4 5 6

Unfortunately, given the notes in the password manager are not fixed width, the alignment is really bad. If I could just have an option to have the notes in a monospaced font, I wouldn’t have any issues until a proper feature for this came along.

I would like to see a solution for this, too. For Halifax, I have tried adding custom fields as “Character 1” etc, and then its value, but that does not seem to work. Bitwarden tries to fill it in, but fails.

This is never going away, it’s a standard for the majority of banks in some countries, and no password manager is going to change that nor encourage/discourage it, so making it easier for BitWarden users to use their bank is a far better option than not supporting it at all and encouraging users to use passwords they know in their head (and thus are easier to extract characters from) instead, simply on a “this isn’t a good system” pretence.

Nor does it mean the password is stored in plaintext, and in fact that’s very unlikely as UK banking regs are incredibly strict. More likely they hash different variations of the password when you set it, so the permutations of characters you can get is hard coded. In the past I’ve been asked to update my password with banks, no doubt because the permutation list was updated.

1 Like

1Password have a really good workaround for this
They have a feature called large font where passwords are displayed in large with the character number as below (e.g: for for password “aqrptv”)

This could be implemented as below

2 Likes

I have actually just seen a really nice way this is implemented by Enpass.
Right clicking on the password gives these options

View subset (in the desktio app, poorly implemented in the browser) allows you to see the specific characters you want (e.g: 3, 17, 21)

Most of the banks in Poland use this type of input. I would be really happy to see such a feature implemented. If not autofill then at least the indexed password option.

Really interested in this. Also, how are people currently storing these kinds of memorable words?

Most sites that I use ask for a password then they have this memorable word option instead of 2FA so I currently store the password as usual but then in the ‘notes’ section store the associated memorable word but would at least like a proper way to store this kind of data so it’s at least masked if someone is watching over my shoulder.

Instead of saving it in the notes scroll further down to the CUSTOM FIELDS. Below “New Custom Field” select “Hidden”, then click onto the + sign to the left of it. Add a name (this will stay visible) and then below the “memorable word” which - after saving - will be masked like a password.

1 Like

Amazing thanks :slight_smile:

Almost every bank I’ve used has had this security measure, and whilst I agree that it is annoying and bad practice from the bank, I doubt it is going away any time soon and would love some sort of function that can allow the autofill of a specified character position. I tried custom fields but unfortunately it doesn’t work as the custom field IDs are numbered as 1, 2 and 3 rather than the actual character positions that they are requesting (which changes each time).

I’ve just noticed that the view password feature in the Firefox extension now has an option to number each character. While this isn’t auto-fill, it is super useful!
I’m happy with the implemented solution.

I posted a workaround a couple of years ago that achieves this using Bitwarden:

1 Like