The Troublesome Santander Login Screen 2

As is usually the case after upgrading, the Registration Number field on the second login screen on the Santander site is not filled. I have tried re-saving the login, but to no avail. Has anybody had/solved this problem?

Kent


1Password Version: 7.2.4
Extension Version: 7.2.4
OS Version: MacOS 10.14.3
Sync Type: Not Provided

Comments

  • Heter0dyne
    Heter0dyne
    Community Member

    Me too with this one Oxon. Would be nice also if 1P7 could move from page one onward without stopping but suspect this isn't possible. Look forward to replies to this!

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @Oxon & @Heter0dyne,

    Another user wrote in and despite the various things we tried we never were able to get a current version of 1Password for Mac to correctly fill the second page. We tried a few things and nothing stuck. Unfortunately as a result I don't have any suggestions to offer. Not only is it remarkably difficult to create test accounts with banks but from previous conversations even if I went out and created an account today, the version of the page I would see wouldn't be the same as you as I believe Santander are moving from requesting the whole password in a single field to individual characters from the same password. One or two users who had to reset their password found they were migrated over and were never able to use the older page going forward. I am sorry I don't have anything more promising to report.

  • Heter0dyne
    Heter0dyne
    Community Member

    Hi littlebobbytales,

    Following your reply I have done some delving, stressing I'm no expert, but think I've a modest solution by doing the following:

    1) I have created a log-in (named San1) for Santander's first page, all fine and this takes me to their next page.
    2) For page two I created a separate log-in (named San2). On my account this page requires two entries entitled 'Passcode' & 'Registration number'. I manually added both these fields as "password" types to my log-in (San2) renaming the labels to suit.
    3) Now, I start my log-in with 'San1' then on page two I use 'San2' and this for me works.

    To help further please see attached below a screenshot taken to help illustrate. I hope you, Oxon and perhaps others find this helpful!

  • Oxon
    Oxon
    Community Member

    Hi Heter0dyne

    It worked for me!

    Many thanks

    Oxon/Kent

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    @Heter0dyne,

    It looks like I have others to contact now. Thank you for reporting back with your success as being unable to visit the page I'd exhausted things I could think to try. That's a great find there!

  • Heter0dyne
    Heter0dyne
    Community Member

    Great to hear this has worked for you too @Oxon. @littlebobbytables, I'm truly pleased this may help others too as we all like simple and convenient!

    Since we are addressing the challenges of Bank websites, I though to add also their complicating matters with 'drop down' boxes, Lars very helpfully mentioned the convenience of selecting 'show in large type'. The description 1P uses belies its benefit as once selected it produces a movable image providing a clear point of reference to accurately complete without relying on memory; I suspect a feature many users will not be aware of!

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @Heter0dyne,

    You're right, not everybody knows about Large Type and I've written about it more than once here in the forum, I've even linked to my own posts on occasion. I'm based in the UK as I suspect you may be and so I also make judicious use of this feature. The trick I've found is once the Large Type view is visible you need to jiggle it around. No idea why but if I do that it does indeed stay on screen until I dismiss it and allows focus to be on the page making for a few taps of the keyboard, using tab to jump between the drop downs and done :smile:

    The one question I have about this x, y & z characters from a password is; how are they storing the password such that they can verify individual characters supposedly chosen at random? I'm not sure there is a comforting answer.

  • Heter0dyne
    Heter0dyne
    Community Member

    Hi @littlebobbytables

    Interesting comments. I would respectfully suggest the sequence of wording may serve to mislead some:

    1) 'Copy', 'reveal', 'show in large type'; 'reveal' does as described, but the user may not bother selecting '..large type' as, like me, they assume with no further thought this is just the same as 'reveal' only with a larger typeface.

    2) Importantly, the user is unaware this opens a separate window. Perhaps to make more intuitive, could I humbly suggest changing the wording to something like 'show in large type window'?

    If I understand you fully, yes it does seem that the Bank's selection of the characters required are random, yet if the user makes an incorrect entry the same digits are requested until success.

    I believe the likes of HSBC and Nationwide and possibly others have an additional security layer by providing a separate device. This provides a code in response to one given on their site then subsequently entered to allow progress; goodness knows why they can't simply use 2FA!!

  • littlebobbytables
    littlebobbytables
    1Password Alumni
    edited February 2019

    This is probably not the only place where 1Password could do with a little more hand holding for the uninitiated user and we probably could do with slightly more detailed titles in places. Given the space used in the final option titled look up in vulnerable passwords there's got to be space to expand that text a bit. I shall file an issue.

    So the point I was trying to make with the n_th character approach is whenever there is a security breach those that understand security reach for the pain killers every time it turns out a site made no attempt to protect the passwords as that's a goldmine for bad people. How exactly do these banks store our password such that they can confirm any individual character? With 1Password we can't even reset a Master Password because of the pains we went to to ensure that your Master Password did protect your data. Now for the banks the password is for authentication, not decryption so it isn't serving exactly the same purpose and should the worst happen you can always get the password reset although they will undoubtedly make you jump through hoops. I just wish I could shake the feeling the password must be stored in plain text to achieve what they do. About the only other thing I can think of is the character selection isn't random and instead they store _x number of protected 3 character long passwords generated from what we think the password is.

    That's probably getting a bit off-topic and feels like a rabbit hole that can only lead to tears :tongue:

    ref: apple-3106

This discussion has been closed.