Login on https://banking.dkb.de not working any more

On all my clients (Windows 10, Mac OS X Mojave, iOS 12) 1Password is no more working correctly on https://banking.dkb.de.

The form fields are filled correctly, but if you try to login, an error states "The entered password must be at least five characters long".

It doesn't matter, if I use auto-fill by keyboard shortcut or select an entry of a list and choose it, to fill the form fields. Seems like the password is entered in the field, but not transmitted to the server upon sending the form.

It works, if you copy and paste the password manually into the field.

As mentioned, it's an all platforms the same:

Windows 10 Pro
1Password for Windows 7.2.581

Mac OS X Mojave
Windows 7...

iOS 12
1Password 7.2


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @PickleRick,

    So this is a tough one because the error is only after trying to sign in and that usually requires a real account for testing. This is what I've managed to learn so far.

    If I submit dummy credentials and the password is less than five digits I get a particular error message as so

    Das eingegebene Passwort muss mindestens fünf Stellen lang sein.

    If I submit dummy credentials and the password is longer than 5 digits but also contains characters I get a different error message, one that includes the following sentence.

    Bitte geben Sie auch hier für Ihr bestehendes Passwort zunächst nur die ersten 5 Stellen ein.

    If I save a Login item in 1Password using the dummy credentials for the second case and fill I still see the same error message suggesting that it is filling correctly.

    It's not conclusive evidence as I don't have real account details but given this can you try saving a new Login item for me please using the steps outlined on our support page How to save a Login manually in your browser and see what happens if you try to use this to fill.

    wubba lubba dub dub

  • PickleRick
    PickleRick
    Community Member
    edited October 2018

    "wubba lubba dub dub"

    Made my day! :-D

    I solved the problem and it's a mixture of my fault and confusing error messages.

    When I changed my password, I changed it to a password with character length 64. Hey, it's a banking account, isn't it.

    What I missed, was the information in the dialogue, that passwords must be only 38 characters long.

    I put in the new password via copy and paste from the password generator. Due to the correct form field format the pasted password was cut off after 38 characters. (Note as a web developer: I would not do this this way!)

    The form field filling mechanics of 1Password are somehow, even if the webpage's code limits the form field to 38 characters, able to insert more than those 38 characters in the login form, e. g. the full 64 characters of my password.

    A server-side check when sending the form than realizes, the password has 64 characters and displays the generic "wrong length" message:

    Das eingegebene Passwort muss mindestens fünf Stellen lang sein.

    (Note as a web developer: I would differ the "too short" and "too long" messages!)

    If you copy and paste the password manually, the 64 characters long password is cut off after 38 characters and therefore correct, even if the password stored in 1Password has more than 38 characters.

    I changed the password to a length of 38 characters and now everything works correctly.

    This is something, Rick would never happen... maybe I should reconsider this nick name.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @PickleRick,

    I can completely understand how you would reach this point and why you'd be confused. 1Password's part in this is that we set the value of a field directly and I'm not sure if we can trigger the same response you get when you paste where it cuts off characters after a certain length. What we do need to try and do is a better job of identifying limits to try and help avoid this situations.

    I'm glad despite the misleading messages you were able to figure out why you were getting an error and the good news is that while 64 characters would have been insanely strong (just what you want for your bank I agree) 38 characters still takes you into the unfeasible to brute force category.

    Let us know if you have any further troubles with this site or others.

This discussion has been closed.