Problems with USAA login [site issue: 12 character password limit]
I installed 1password for Mac, installed the chrome extension (V. 4.0.1.99). I went to the websites I normally need logins for and started logging on normally. Each time 1Password stored the passwords and I can get in with no problem to all of them now EXCEPT USAA. It doesn't automagically fill in the fields and when I go and click on the key icon and then click on the arrow, it fills in my username and password, which USAA promptly rejects as WRONG. When I go into the desktop program and look at what is there, it is correct. I even tried deleting the info and putting it in manually but no dice. It says the username or password don't match what they have on file. Any words of wisdom? All other banks and credit card companies are working fine.
Comments
-
Hi @cwieberdink,
I would like to apologize for the delay in responding to you here but we have been a bit overwhelmed since the launch of 1Password 4 for Mac. We're all working hard and putting in extra hours to get back to our usual snappy responses and we really appreciate your patience.
When you are having trouble with just one website, the easiest thing to do is to save a new copy of the Login. Let's try this:
- Visit the site and fill in the fields you want filled. Do NOT click the login button.
- Click the 1Password extension, and unlock it if necessary
- Click the gear icon (or vault icon if multiple vaults are enabled) in the upper right corner.
- Select Save new login.
- Give the entry a unique and identifiable title.
- Click Save.
- Revisit the site and see if 1Password fills in the site correctly.
If that doesn't work, could you let us know the site's address so we can test it?
0 -
I was having the same issues and discovered it's because the password field on usaa.com truncates what's entered to 12 characters. If I change the password stored to just the first 12 characters, it works fine. I've sent them a message about that
0 -
I discovered the same thing about the 12 character limit on password length at USAA shortly after I adopted 1Password last spring. I also complained. They don't even say this is a limit in their instructions. They do accept special characters, even though there is no mention of that in their criteria either. I can't remember exactly what they said in response to my complaint, but it was noncommittal.
0 -
Update: USAA simply has a 12 character limit on their passwords, but does not error if you provide one longer than that when setting it; they simply truncate anything beyond that.
0 -
USAA simply has a 12 character limit on their passwords, but does not error if you provide one longer than that when setting it; they simply truncate anything beyond that.
Right, and that makes the system even worse, in my opinion. At best, you get a false sense of security, at worst you get led astray when you try to be responsible for your own security by using a password manager and an unmemorable password.
0 -
Thank you for this information, @mbulman and @hawkmoth.
When manually typing in the Password field on the USAA site is simply stops accepting input at that 12 character limit, but longer passwords can be pasted into it. To clarify, do you know if submitting a +12 character password get rejected even though its actual length is limited and truncated (if necessary) to 12 characters?
0 -
If you change your password and use one longer than 12 characters, their system appears to accept it. But if you then attempt to log in with that new, longer-than-twelve-character password, you get rejected. The change-password system apparently truncates input at 12 characters, but the login page accepts any length password and tests it against the truncated version that was constructed in the change menus. I discovered this by trial and error after I used 1Password to construct a new password that was more than 12 characters long.
It may be that when you paste in a new password while changing it, the system only records the first 12 characters. I think I discovered this limit by counting the number of dots in the new password field.
As I said, I griped about this, both because of the length limit and because it was not specified in their criteria.
0 -
Does everyone agree this is fundamentally an issue with the USAA site? Is there anything being suggested that 1Password should do about it?
0 -
Yes, I do believe this is a problem with the USAA site. I don't see what 1Password could do about it. So count me as one who says you folks are off the hook. I've thought this all along, ever since I uncovered the problem, so I didn't report it before.
0 -
As a general rule, I always log out of a site and then test to see that the saved Logins item will get me back in before "moving on" and forgetting about having made a change. I've only been bitten by this on two sites but each could have been a confused disaster had I not returned for a period of months or years afterwards.
It adds 2 minutes to the process but I feel better knowing that what has been stored actually works on the site. I trust 1Password… it's the web site I do not trust. :) I think it's like people that have had a hard drive failure: those that never have probably think that backups are for sissies but anyone that has had to recover without a backup knows their weight in gold the next time.
0 -
@MartyS, I do the same thing. That is how I found out about the problems with the USAA site. But I did have to request a password reset before I figured things out. All I knew at the beginning was that my shiny new password that had been accepted by the site wouldn't work to log me back in.
0 -
And one way of looking at how 1Password is involved in this is for any role it had in helping to expose the problem. :)
0