Ally Bank: copy & paste into the "change password" fields is disabled

edited November 2014 in 1Password 4 for Windows

Here's how to handle Ally's multipage login.

Go to the Ally Bank login page:

https://secure.ally.com/allyWebClient/login.do

The first page asks for your username. Type it in, then click Continue.

The second page displays your username in bold letters, and the blank password field. Type in your password and click Login.

1Password will ask if you want to save this login. Save it.

Bring up the 1Password application, right-click and Edit your new Ally login.

At the bottom, you will see 2 lines:

Name ... Value ... Type ... Designation passwordPvtBlock (your passwd) password password button log in text none

Click the + button at the right. Then add this line:

Name ... Value ... Type ... Designation username (your username) text none

Click OK to save.

Now to log in, go to the Ally Bank login page again:

https://secure.ally.com/allyWebClient/login.do

Open 1Password in the browser bar and select your new Ally login. It will populate the username field,

Click Continue.

You will then arrive at the Bank Login page. You will see your username in bold letters, and the blank password field.

Open 1Password in the browser bar and select your new Ally login again. This time, it will populate the password field and log you in.


Now, the bad news.

If you want to change your password using 1Password, you will have a problem, not of 1Password's making.

Both Ally's Current Password field and its Change Password fields will not allow you to paste in a password. This means you will need to use a simpler password that you can reasonable type.

Why?

"Many sites now disable the 'paste' function. So if you have a complex password, you can't cut and paste it - you have to type it from the keyboard. This also breaks many 'password keeper' applications. So what does this encourage? Simple passwords, that's what. Just because you can enable a neat feature doesn't meant that it's helpful."

(from https://isc.sans.edu/forums/diary/Another+Site+Breached+-+Time+to+Change+your+Passwords+If+you+can+that+is/18155)

"I was admittedly mystified by this practice so I asked around and got a whole range of answers along the lines of 'because some developers are just stupid.'"

(from http://www.troyhunt.com/2014/05/the-cobra-effect-that-is-disabling.html. Extensive discussion of this practice at the site.)

Comments

This discussion has been closed.