Password entry issue: 'selective' digit entry – solutions?
Many logins (banks especially!) ask for selective digits from your password. This is truly a pain in the backside.
e.g. say your password is nice and long: kjdbjw2qe34-xlewKXedcSKL
Then on phone to said organisation, they ask you for separate digits from your password, often using an automated system. The call goes like this:
'From your password, please say the... 5th digit from your password'
...3-4 second gap to speak...'now the... 11th digit'
...3-4 second gap to speak...'and now the... 16th digit'
...3-4 second gap to speak...'and finally the... 20th digit'
...3-4 second gap to speak...
If you don't say it within the 3-4 second time in each gap, then you get:
'I didn't get that, please try again, I need the... 5th digit from your security password'
...quick 3 seconds scramble around to count along to the x-th digit... 'sorry I haven't been able to authenticate you, goodbye'
...cut-off!
Many give you next to no time (within a 3-5 second time-frame!) to comply with the correct digit, before failing the call or pushing you into a manual queue for a human with a minutes/hours wait!
I come across this more and more over time, on both phone and online logins (sometimes they do it for separate pieces of info: "password" and "memorable information", or similar) and it's a complete flipping pain to count, then lose your place, then try and count again.
Any solutions in 1Password?
.......................................................................................................................
What would be good is if 1Password could number the digits, or at least make it an option for users to select on those that do.
(obviously the "Copy" dropdown would still copy the whole password without any spaces!)
Then the user could see digit 5/11/16/20 without doing the almost impossible feat, of counting along the digits of the pw, in enough time to enter on suck dickhead systems, lol!
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
@vplewis – ah OK, I've never realised that (funny how one misses things!).
However, having it as an always viewable option would help further, as it's fiddly having to quickly select the menu item.
Furthermore, on iOS –where it's very often needed by many the most– doesn't seemingly have it; just checked iPhone & iPad. :-\0 -
-
Doesn't this mean that your bank is storing the password, rather than a hash of the password?
A prime candidate site for a hacking attempt especially if this represents their approach to security architecture?0 -
@idontno - almost certainly, yes...unfortunately. I haven't looked in on the guts of this issue in a while, but the last time I checked that was the case. I don't think there's been developed a way since then to be able to both know the characters and NOT know them, if you take my meaning. A hash wouldn't be of help here, only knowing (and presumably, having stored decrypted somewhere) the actual password itself, in plaintext, would do it. I could be wrong, but if the possibilities are either a brew-your-own scheme of on-the-fly en/decryption of users' passwords to maintain security and decrypt only as needed, or simply storing the password in plaintext, I know which one I think is more likely for many sites (including, alas, too many financial sites) would be more likely to choose, sadly. :(
0 -
I don't know the security issues you mention, but usually this type of question is:
1) Handled by an AUTOMATED system, rather than a human; so presumably they a security measure there somewhere.
And more pertinently...
2) This is usually one of several items needed to clear security, rather than a single thing and you're in.I guess iOS will have to wait then, but thanks for your responses anyway.
0