Taking into account more information for evaluating weak passwords

invenio
invenio
Community Member
in 1Password in the Browser

Some websites need more than a user name and a password to login. Qantas' site for instance requires you to enter your last name (could be considered the user name), your membership no and a (weak) PIN (could be considered the password). In this case the membership number and the PIN together function as the password.

The way I've saved this in the 1Password app is

Aside that this way of logging in pisses me off a bit since you still need to enter some information copy-pasting, but would it be possible to calculate the password strength taking in more than just the "password" – or PIN, as in this case?
Admittedly, this is not as safe as having the password requirements of some other sites, but it would allow for better estimation of password strength.

1Password Version: 6.8
Extension Version: 4.6.6
OS Version: OS X 10.11.6
Sync Type: iCloud
Referrer: forum-search:weak passwords

Comments

  • rudy
    rudy

    @invenio,

    That's certainly an interesting idea. Though I'm not sure that the member number should really feed into part of the password strength calculation here. There are ways to set up a login to fill 3 fields, generally, I'm moving this question over to the saving&filling forum so that they can assist you with getting it to fill the 3 fields when you use that item.

    Rudy

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Greetings @invenio,

    Can you try visiting https://www.qantas.com/fflyer/dyns/LoginForm please and creating a new Login item there using the steps outlined on our page How to save a Login manually in your browser. You should find 1Password will fill all three fields. I believe that if I probe further I will find that 1Password is attempting to fill all three fields on the home page but that our analysis of the page triggers the page's JavaScript and hides the login form, either removing the surname field complete or clearing it. The dedicated page will not suffer from this.

    Does this help at all?

  • invenio
    invenio
    Community Member

    Thanks, @littlebobbytables. It works for me on the dedicated page (https://www.qantas.com/fflyer/dyns/LoginForm) you mention, but it would require me to navigate there to use the "fully automated" login. I haven't even had a look of how to get to that dedicated page. Seems that Qantas is trying to do something fancy...

    Interestingly, if I create a new login through the procedure described on your help page and try using that one on the home page (either https://www.qantas.com/ca/en.html or https://www.qantas.com/au/en.html), the last name is filled under membership number.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @invenio: Thanks for following up! The first URL is definitely the best since it has consistent field IDs which 1Password can fill. 1Password is not able to fill reliably on the other page, but I've added my findings to our issue tracker so we can see if there's something we can do to help with this. Thank you!

    ref: BRAIN-327

This discussion has been closed.