1P 4.6 masked password fields for bank WBK - help needed.

tommyfp
tommyfp
Community Member
edited September 2015 in 1Password in the Browser

Hi
I need your help in creating autofilling password for my bank - WBK. It's 2 steps login.

https://www.centrum24.pl/centrum24-web/login

First step is NIK site. If you enter this nick: 12345678 you will be moved to secound site (PIN site with masked password fields), and here i've got problem. I can't force 1password to fill required fields. Is there any way to do this?

I found very similar discussion on this page:
https://discussions.agilebits.com/discussion/comment/4508#Comment_4508
But this method doesn't work anymore.

Thank you in advance for your help.

Comments

  • Greetings @tommyfp,

    Thank you for both the link and the dummy data to allow us to see the page of importance.

    So the bad news is we are unable to automatically fill a page like this where you're asked for random entries from a password. We currently can only fill when a page is static and you're asked for the same data each time in the same field. In these instances they're specifically asking for portions of your password in the attempt to defeat anything monitoring your keystrokes by having you never enter your full password.

    We do have something in our current 1Password for Mac beta that will hopefully help those suffering with sites like this but it will still require the user manually entering the data into the fields. It looks a little like this.

    In 1Password for Windows there is a different feature called Auto-Type but it wasn't intended to allow single characters so it may end up feeling quite unwieldy.

    I do apologise we don't have a more elegant approach to sites that do stuff like this.

    In a very separate note from us being able to fill pages like this I would like you to ask yourself a question. Passwords should never be stored in a plaintext format for fear of a data breach. Passwords should not be readable, not even by staff of the site. All that is really required is that some encrypted, salted, hashed form of your password matches one they have stored. What does it say if they can confirm individual characters of a password? I apologise, it's a pet annoyance of mine and it's something many banks seem to do. I have my concerns over how secure a system like that can be. If I'm really lucky I'm proven wrong.

This discussion has been closed.