Passwords vs pass phrases how to handle them
I am not sure where to home this query but this seems the best place.
Many financial organisations have both a user name, a password and afterwards you have to choose either 3 of the characters out of a preloaded passphrase or string or give the answer to one of several preloaded questions.
I think it is too much to expect a password manager to be able to fill that sort of thing in automatically but you need the info available while logging into the site. Is there any way of having that information available and linked to the login info on 1Password? Without that you still need to have some stuff available separately
1Password Version: 6.1 for mac
Extension Version: Firefox & Safari
OS Version: OS X 10.11.3
Sync Type: iCloud
Referrer: forum-search:pass phrases
Comments
-
If you edit a login you will find a Notes section into which this info can be added. Would this be enough for you? It works for the sites I need it for.
0 -
Thanks. Looks like what I wanted. I will try it and see!
0 -
Greetings @spock999,
As 1Password stands it can be a useful aid in situations like this but we don't have the ability to fill with some of the more quirky setups that seem to be almost unique to financial institutes. My own bank has a username on the first page and then 6 characters, 3 from a PIN and 3 from a password on the second page. I don't know if it will help or not but here is my setup and how I use it.
I created a Login item that fills in my username for the first page. It doesn't fill in any password as my particular bank doesn't ask for anything like this on the first page but assuming you're asked for a password too it shouldn't be any different, basically the first page asks you for the same information each time so a Login item should work for that page.
Now for the second page, the one where they switch up what they ask you. Some banks it's characters x, y & z or maybe it's asking for the answer of 1 of X security questions, either way the problem is that you're being asked for different information each time. In both cases I set up a custom section in the same Login item. For security questions my habit is to use the field label for the question and the field stores the answer. I then set up a field per security question so when saved I have a list of questions and the answers stored in individual fields. I also set the type of the field to password so that the answers are hidden just like the normal password field in a Login item. For my bank I have two fields set to the password type, one labelled PIN, the other labelled password.
How do I use this when it comes to filling? After getting past the first page, the one 1Password can fill, I use the keyboard shortcut
⌥⌘\
to bring up the 1Password mini menu, rather than⌘\
which would cause 1Password to try and fill. I then bring up the Item Details for my bank item and I anchor the item to the screen. To do this you can either click the anchor button in the bottom left hand corner or the keyboard shortcut⌘O
does the same thing.To help, this is what the Item Details look like when not anchored
and when it's anchored
Admittedly a screenshot of a Secure Note item doesn't seem very useful, it just happened I already had it on my desktop but it's the same no matter what item it is.
With the item anchored on the desktop we can now manually fill the required bits of information.
If you're being asked for the answer to a security question then clicking on the relevant password field will copy the contents of that field to the clipboard and you can paste the answer in. If you're being asked more than one question the fact that the item is anchored means you don't have to open up 1Password mini repeatedly and you simply click on the next answer and paste.
If you're being asked for particular characters then this doesn't really help but we do have something called Large Type which should. The following image should help. When you hover over a password you will normally see a button that says copy but if you click on the little carot to the right of the word copy you get a little menu where one option is titled large type like below.
When you do you should see something like this one the screen
Each character displays the index below it and I do actually find it works pretty well. We know we need to make the large type moveable on the screen and maybe I've just been lucky so far in that it hasn't ever impeded entering stuff into the web page.
Anyway, this is how I work with these weird sites. It would be great if we could do a lot more filling automatically but these pages are tricky. With a standard login page there are a number of things we can assume or commonly see to help us. Username fields are most often a text field and a password is a password field. To stand any chance with the weirder sites there would need to be some level of standardisation to give us something to work with. What we see when we look at the page after its rendered in the browser is very, very different from what the extension has to work with and the source for some pages can leave you wondering what you're looking at. Hopefully something I'm doing might help you discover an easier way to interact with your bank.
0 -
Another thank you. I always thought it would be impossible to plan for automatically filling in what the site required. They are all different as you say.
I will have to absorb and try out the stuff you suggest but I like the idea of giving a level of security to the extra info which the notes field will not do.
0 -
Hi @spock999,
For me there's the two advantages. Whether it's a password or answer to a security question it's just nicer to have to obscured. For anything where you ever need to copy the entire piece of text the ability to click on it rather than using the mouse to select part of a note and then copy is also nicer :smile:
If you have any questions at all please do ask!
0 -
Setting it up is very fiddly. I have tried to do it for a financial institution that just has the username on the first page and the password on the second.
1Password doesn't ask if you want to save it until you put in the password. By which time the website id is incorrect for the first page where you want it to go to fill in the username.
We have 2 accounts with this institution and so I have done 2 logins. I am not sure what I have done differently but one is of the form username; website show web form details button with the password details hidden in the web form details. The second is of the form username; website; Section (header); Password followed by Show web form details button.
I suspect I should be doing this differently!! I have something that works in the end but it does take a while.
It is also irritating that when you use it and put in the password by copying, 1Password comes up and asks you if you want to save it. Is there any way of avoiding that?
Please advise
0 -
Just a couple of additional comments having used the logins in anger!
The large type view is great it gives exactly the information I need. As you say, it doesn't move on the screen but since it stays on top you can position the browser screen OK to use the info. But you need to make certain you don't click on the Large Type window until you have finished!
You seem to be at the mercy of how the owner implements sign in on the website. A key thing seems to be having the sign in page on a separate web page. Two sites I use (tripadvisor and flickr) don't do that, they have little pop up windows that you access by clicking on the page. So the automatic fill doesn't work. But you can obviously copy and paste the info.
0 -
Hi @spock999,
Multi-page logins can be finicky and sometimes it's about finding just that right approach. The tricky bit from our perspective is making sure we don't have too many false positives. If we have 1Password respond asking if you want to save a Login item for a page with even a single text field do we risk annoying everybody on a grand scale because 1Password is asking in lots of places it shouldn't? I know I can be impatient at times and it wouldn't take much for me to curse something that asked too often. Actually I can think of something that does often annoy me, being asked to review an iOS app what seems like every time I open it. Sorry for the mini-rant.
So in this case what might prove to be more effective is our guide, Using 1Password with login sequences split across multiple pages. In there we show you how to manually save a Login item for the first page (because 1Password won't ask by default) and then how to update the Login item once you're on the password page. Now it isn't guaranteed to work, multi-page logins can sometimes require hunches built up through experience with various sites and if one is giving you problems please do let us know as we'll do our best to help.
You're very right though with your second observation. 1Password has to try and cope with an amazing variety of sites and web developers out there really do come up with some... inspired (cough cough) designs. Given some of the things possible between what is and isn't defined in HTML, what is mandatory and what is optional and then how JavaScript brings in an element of unpredictability through dynamic changes to a page and sometimes I'm impressed we work as well as we do with some sites. Thankfully many make very sensible choices when designing a page and I do believe that there is a lot to be said for the KISS approach (Keep It Simple Stupid) as it reduces the chances of something breaking.
You're also right about the Large Type view but once you get used to it I think it works better than I expected it to. So for example if I make sure the first field has keyboard focus before I bring up the Large Type view I know that's the field that will have focus when I start typing. As you say, you can move the page up and down so it appears under the Large Type window, and do so without causing it to disappear and I don't know what other sites are like but with my bank after I've typed one character it moves focus to the next field for me meaning I don't have to worry about that either. After one or two uses it feels not bad at all :smile:
So hopefully we're making progress between these multi-page logins and how we/1Password works.
That would leave what I refer to as sites using a modal window, one where you have to bring up the login window before 1Password can do anything. You're right that a site that uses this approach does nullify the ability for open and fill but most should still work with filling once the window is open. Are you finding that after opening the login window for the site that the keyboard shortcut
⌘\
doesn't log you in? The two sites you've mentioned both seem like ones I can create a test Login item for so I'll be happy to test them if you find this isn't the case :smile:0 -
Yes. A bit of a learning curve! I will look at your guide and try to put it into practise.
One funny though with the Large Type. I have used it on 4 or 5 occasions now and on two of them the Large Type window has closed on me. I had thought I had accidentally clicked on the window the first time but definitely not the second. In the UK the tendency is that when you have to insert characters 5, 7 & 11 say, it is not done by typing but using a mouse/trackpad to click open a drop down window and select the character from the menu. In the two cases, I just clicked the arrow for the drop down menu and the Large Type Window disappeared. On the other cases it didn't. After setting the Large Type Window again the other two drop down menus worked OK. In all cases, I had anchored the login. I am not sure what mechanism is being used for the drop down windows but in some circumstances, it seems to disrupt your Large Type window. This was in logging onto the True Potential website which is used by my financial advisor to send secure messages.
With the two sites I mentioned I was OK with copy and paste. I have to admit, however, that I am just not into keyboard shortcuts at all. I prefer using mouse/trackpad but it didn't work clicking on the open and fill button over the website link with the login open.
Hope that helps.
0 -
Hello @spock999,
I'm UK based too! So my bank is the RBS and they don't use drop down menus but I think Barclays does so I'll try logging in there and see what happens. I've never used Large Font there because there security restrictions are awful and working out the characters for a given index was never an issue. As long as you're comfortable saying what banks do you know use drop down menus?
0 -
Lloyds & Halifax. You can't help with First Direct as they give out a little gizmo that gives you a one time code when you are logging in!
0 -
Hi @spock999,
While we might not be able to fill everything with First Direct you might still find use in 1Password there.
If you need to enter any amount of information along with the one-time code you could set up a Login item to fill everything but the one-time code and then set the Login item to Never submit. The Automatically submit logins after filling can be globally turned on or off to suit your normal preferences but we acknowledge that some sites require extra information that 1Password can't help with and there may be a need for a per item setting. If you edit the Login item after creating it you will find two new options become visible. The one you're interested in is titled submit and the default setting is Submit when enabled. You can change it though to Never submit and what it means is you could fill with this Login item and still have control to enter a one-time code or similar.
It turns out I've been mulling over opening an ISA at Halifax so if I get round to it I'll certainly pass on anything I learn about the signing in process there. That might be a while yet though but I will have to keep this thread in mind.
I've checked out my Barclaycard account though and what I found was if I anchored the item and then brought up the Large Type view it seemed to be quite happy with me mucking about with the Safari window. I could open the drop down menus, select the required characters and even resize the Safari window, all without causing the Large Type view to disappear. Now if the view disappeared but then behaved in a more stable manner maybe it's a quirk on our side rather than something specific to the web page you're trying to interact with. We're both running the same version of 1Password for Mac though so I'd hope we'd see the same behaviour here.
I'll look into tripadvisor and flickr and see why we're not filling though.
0 -
Don't forget I use Firefox- it may be the enemy!!
I'll look into the First Direct login. It is another one where you have to click to open a pop up window and then work in that. I haven't tackled the bank logins yet as I was waiting for your response that came yesterday evening. And then I thought best be fresh for this!
0 -
@spock999 Firefox is generally a pretty good browser from an extensions point of view. For instance, it's the only one where we can perform reliable autosubmit with Javascript rather than relying on the Applescript from the main app. But, with the power that Firefox exposes for extensions, it is somewhat more common for some extensions to conflict with each other. Double edged swords…
I too have been troubled by the dismissing of the large type element. I'm not sure what the option is there because we don't want to leave it on screen too long, but at the same time, users need to be able to do stuff without the thing dismissing. We have the anchoring option for 1Password mini's detail view, so perhaps that's another option we could consider for large type…
As you get to testing these logins, please don't hesitate to let us know if you run into issues. We're always here to help.
0 -
At the moment, I am using the True Potential login mentioned above quite a bit. Of the last six logins, 4 have been OK and in two the Large Type screen disappeared when I clicked on the website. Once when I clicked on the drop down menu arrow and once when I just clicked on the website. On both occasions it was the first time I had clicked on the website after bringing up the Large Type window.
To me there is definitely a cause and its effect. Assuming Firefox leaves things in a similar state each time, it looks like in some circumstances the Large Type window is de-stabalised/dismissed by the first click to reselect the website. Anchoring would be useful though. I am OK on the iMac but having Large Type fixed in place on my 13" MacBook Pro makes it unusable as there is insufficient spare screen space to use.
0 -
In fact, I would guess that in those circumstances (whatever they are!) that first click is being treated as a click right in the centre of the screen - ie smack bang in the middle of your Large Type window which is then dismissed.
0 -
Actually, I think it is a little less sophisticated than that. I think it is treated as just a temporary display of your password such as for reading out on the phone and when you click away, 1Password thinks you're done with the information. We have an open issue for this so I will add your voice to it as well. Thanks for the feedback!
ref: OPM-3217
0