Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow selecting which *letters* to input into separate password fields? #310

Open
michalrus opened this issue Nov 19, 2022 · 3 comments
Open

Comments

@michalrus
Copy link

Some services (I think I've only seen that in Polish banks) require you to input only selected letters from the password, e.g.:

Screenshot 2022-11-19 at 16 21 21

General information

  • Operating system + version: macOS Monterey 12.3 (21E230) on Apple M1
  • Browser + version: Chrome Version 107.0.5304.110 (Official Build) (arm64)
  • Information about the host app:
    • How did you install it? From Nixpkgs
    • If installed an official release, put a version ($ browserpass --version): Browserpass host app version: 3.0.10
    • If built from sources, put a commit id ($ git describe --always): n/a, but nix-repl> browserpass.src.url = "https://github.com/browserpass/browserpass-native/archive/3.0.10.tar.gz"
  • Information about the browser extension:
    • How did you install it? From official Chrome Web Store
    • Browserpass extension version as reported by your browser: 3.7.2

Exact steps to reproduce the problem

  1. Go to https://ing.pl/ and try to log in.

What should happen?

I would imagine, in ideal world browserpass-extension could ask me which characters I want to input, and then input them, one per each <input type="password">.

What happened instead?

Only the first letter is filled in.

@erayd
Copy link
Collaborator

erayd commented Nov 21, 2022

@maximbaz What do you think?

My opinion is that this is way out of scope... i.e. that we shouldn't be building an interface to handle such an extreme departure from the norm of filling one and only one field per value. If we were to automate this, it would also risk leaking parts of the secret into fields they should not be entered into.

@maximbaz
Copy link
Member

I also feel like it's very special and unique interface, where I just don't know a good way to support it without risking of either leaking credentials or breaking input on other websites...

@michalrus
Copy link
Author

Sure, that sounds reasonable, thank you!

It’s rather uncool that bank users cannot turn this option off. I already filed a complaint, we’ll see, but changing anything in banks is very hard.

I remember KeePass 2.x used to have {PICKCHARS}, e.g.:

… but I think they emulated actual keypresses in OS

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

3 participants