Problems with Region's Bank Website

https://www.regions.com/personal-banking

For whatever region, the website frequently--but not always--rejects the password.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:region's bank

Comments

  • williakz
    williakz
    Community Member
    edited June 2020

    Hmm...looks to me like it (Regions, 1PX, poltergeist?) is somehow storing my security question answers as passwords. Just looked at my password history for Regions and I can see where they've been bouncing back and forth between the two types over the last couple years. Never noticed it before.

    (P.S. I didn't use your link directly for obvious reasons but confirmed that's where I ended up.)

  • Hi @rtvanhook! Unfortunately without an account I can't test actual sign-in, but I'm wondering if copying and pasting, using drag and drop, or typing the password by hand also cause the website to reject the password? Is there any rhyme or reason that you can tell for when things are rejected? Sometimes this can happen if there's a maximum password length the website expects and the password stored in 1Password is longer than this. I don't see anything in the HTML of the page to support this hypothesis in this case, but it still might be worth checking how long the password when autofilled is vs. when entered manually.

  • williakz
    williakz
    Community Member

    @ag_micaelc:

    Is it possible a lazy Regions programmer used the same programmatic label for the field containing the answer to the security question as they did for the actual password field on the previous page in the login sequence?

    And that 1PX updates its Regions password with the user-entered security question answer which will then cause a login failure on the next attempt to gain access to the site? Note that nothing in Regions' database has changed, only 1Password's data has been altered.

    Finally, the occasional nature of the problem reported by the OP could be due to the fact that multiple logins WITHOUT security question prompting (and subsequent overwriting of the password by the answer by 1PX) are possible as long as the computer/user/link is not materially changed from session to session (i.e. "trusted"). Whenever a session is NOT trusted, a security question is posed, 1PX's password is overwritten with the answer, and the next login cycle is doomed to fail.

  • Hey @williakz. The fields are probably labeled as password fields so that they are concealed by default. It's worth noting that things in 1Password don't get updated automatically; if the password in your actual item has been changed, that would mean that the autosave prompt appeared at some point and it was selected to save/update the password. You can also turn off autosave on that particular domain so you're not prompted to save/update in the future, but of course if you do actually change your password at some point, you'll have to make sure to update that information in 1Password manually, as you won't be prompted to save it automatically.

  • williakz
    williakz
    Community Member

    Gotcha @ag_michaelc. I agree there's something odd going on but my password history definitely shows my Regions password alternating between the one I originally chose (and have never purposefully changed) and the various answers to my security questions (also never changed). I certainly do not recall ever updating 1P's login info for Regions (beyond the initial setup of the Regions account in 1P).

    However, I do recall being told a while back that 1P somewhat mysteriously "remembers" a third, non-displayed login field on its own (handy for 3 field login forms like some of the airlines). Could it be that when Regions decides a given login attempt is not trusted and therefore poses a security question that 1P tries to place the answer in its hidden third field but for some reason (misnamed field?) overwrites its prior password?

    I've been trying to figure out how to force Regions to pose the security question in order to see if there's a method to the madness, but so far no luck. I'll update the thread if and when I find something.

  • ag_ana
    ag_ana
    1Password Alumni

    @williakz:

    However, I do recall being told a while back that 1P somewhat mysteriously "remembers" a third, non-displayed login field on its own (handy for 3 field login forms like some of the airlines).

    You can check all fields stored by 1Password inside the relevant item section (for example, on Mac it's called View Saved Form Details). Do you see additional fields stored there?

    Could it be that when Regions decides a given login attempt is not trusted and therefore poses a security question that 1P tries to place the answer in its hidden third field but for some reason (misnamed field?) overwrites its prior password?

    It's possible, although it's difficult to say without having an account on the website. Have you tried doing this? Did you notice this happening when you tried?

  • williakz
    williakz
    Community Member

    Hi @ag_ana, I experienced the same site behavior as the OP and thought I would chime in to let you good folks know it's an issue as well as to give you some additional info on my setup. Unfortunately, with none of AG Tech Support able to access the site, it's evidently an insoluble problem. So be it.

  • ag_ana
    ag_ana
    1Password Alumni

    @williakz:

    Thank you for the collaboration on this! If you would like to test your theory and see if 1Password indeed behaves as you suspect on that website, please feel free to let us know anytime :+1:

  • williakz
    williakz
    Community Member

    My intent was to investigate the problem so as to give YOU folks what info I could dig up, so YOU could get cracking on solving your users' problems (2 out of millions, I know). I'm in NO WAY looking to intern as a junior AG Tech! I suggest somebody over there consider ponying up a buck or two and opening a Regions account—maybe there'll be a toaster in it for your trouble.

  • ag_ana
    ag_ana
    1Password Alumni

    @williakz:

    Thank you! To clarify, I was addressing your earlier question, where you asked:

    Could it be that when Regions decides a given login attempt is not trusted and therefore poses a security question that 1P tries to place the answer in its hidden third field but for some reason (misnamed field?) overwrites its prior password?

    And I believe that you have the answer to that already. In other words: when that website asks you a security question and you answer it, did 1Password put that answer in a third field and overwrite the prior password? Is this what you are seeing? This is what I was trying to understand :)

This discussion has been closed.