This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Treasury Direct (treasurydirect.gov)

This might be a stretch but is there a way for 1Password to store login details for TreasuryDirect online account? It is one of the toughest login for any online account on the web (a good thing).

Comments

  • Just got 1 Password for Mac and I have my first question. I have an account at TreasuryDirect.gov. The login requires you to enter your account number with your key board as usual but then you enter your password by mouse clicking on a screen image of a keyboard layout. Have you seen this type of password system? I'm guessing there is no way to do this using 1 Password?
  • khad
    khad Social Choreographer
    Welcome to the forums, Bruce! I like your username. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_bigsmile.png' class='bbc_emoticon' alt=':-D' /> (Or does the LA stand for Louisiana? I won't like it any less if it does. Okay maybe just a little.)



    Anyway, I have seen that before and was frustrated that someone who presumably knows better would code a site like that. Keyloggers can take screenshots too. D'oh! The bad news is that it probably won't work in Safari or Firefox right now.



    The good news is that the site appears to work well in Chrome which is making use of our very latest form filling code, so we do have a "fix," but I do not currently have a time frame for when it will be ported to our Safari/Firefox extensions. There is a light at the end of the tunnel, though. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



    You could also give the 1Password extension in Google Chrome a try if you were interested in an immediate solution. I'd love to know how it goes if you do. It looks like it is filling correctly, but I don't have an account there to actually test the [i]submission[/i].



    if you have trouble, consider editing the login in 1Password to change the submit value from "If Autosubmit is ON" to "Never." You may also need to resave the login in Chrome manually:



    1. Enter your username and password, but DO NOT submit the form.

    2. Click the 1Password button in Chrome's toolbar, and choose "Save new Login."

    3. Set the Action field to Create New Login (or to Replace <login-name>, to update an existing Login item).

    4. Click the Save button.



    Please let me know how it turns out.
  • Thanks for the info and yes, LA does stand for Los Angeles. Have never used Chrome before. Interested in hearing other forum members thoughts on the difference between Chrome and Safari.
  • khad
    khad Social Choreographer
    edited May 2011
    I am actually a recent convert myself. Safari is more "Mac-like" in some ways, but Chrome just can't be beat for rock solid stability. I don't think it has crashed or hung once. That's what pushed me over the edge to Chrome. Now that our Chrome extension is getting so much love, it is very usable. There are still differences, but browser stability is of utmost importance to me in my line of work. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_wink.png' class='bbc_emoticon' alt=';-)' />



    I am curious what other have to say as well. Maybe start a new thread in [url="http://forum.agile.ws/index.php?/forum/7-agile-lounge/"]the lounge[/url] to discuss the pros and cons of different browsers…? It might get a bit more traction than being buried at the bottom of this thread.



    Of course, we also have a [url="http://forum.agile.ws/index.php?/forum/14-1password-3-for-google-chrome/"]Chrome forum[/url] if you care to peruse. Be warned that all the [b]awesomeness[/b] is not usually reported, usually it's just the problems. Don't let it scare you. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/laugh.gif' class='bbc_emoticon' alt=':lol:' />



    Also, Los Angeles FTW.
  • I've opened an account which seems to have found a way to minimize the contribution of 1P. In signing-up for the account, one provides a user name and a password which triggers a return email message providing an account number and (later, by snail mail) a device best described as a "challenge and response" key.



    When one has completed these preliminaries, logging into the site consists of entering the account number (by physical keyboard), but entering the password by mouse click on a virtual keyboard provided by the site on screen. This is the only way to enter the password. A robust password of mixed characters, numerals, and symbols must be entered by mouse click on the screen keyboard. While doubtless very secure, this process seems like "dark ages" to one who has become accustomed to CMD+\. The satisfactory entry of account # and password opens a second sign-in screen that uses the challenge/response key with responses entered by the virtual keyboard as well.



    As best I can figure out, the value 1P adds is limited to being a secure repository for username, generated password, and physical location of the challenge and response key. That's not bad, but am I missing a feature in 1P for Mac that would speed up the log-in process? I'm concerned about high security sites in the future requiring virtual keyboard entry.
  • Watertight,



    Would you be willing to provide the URL for the website? I believe you have explained the situation very well, but in order to determine the true degradation of 1P's value for such a site, it is important to test the site and review its source code.



    Regardless of the final determination regarding 1P's ability to navigate the physical/virtual entry mix, I look forward to hearing AB's experts discuss the matter.



    I hope you will provide more information. I'd love to find out the answer to your question.



    Cheers!



    Brandt
  • khad
    khad Social Choreographer
    While we await the URL for the site, I will say that I have seen a site like this in the past (though I cannot find the URL or discussion surrounding it at the moment).



    While some would argue that this sort of login is more secure, the login process ends up usually having the effect of subtly encouraging folks to choose weaker passwords since it is such a pain in the…neck to enter them.



    The site I recall was working very hard to block password managers like 1Password.



    See also [url="http://forum.agile.ws/index.php?/topic/3333-passwords-stay-in-clipboard-1passwordanywhere/page__view__findpost__p__25998"]a discussion on keyloggers[/url] and why I would argue that virtual keyboards on a Mac are probably a waste of time. (Of course, it is more than likely not everyone using the site you are writing about is a Mac user.)



    I look forward to seeing the site. Perhaps it is better behaved than the one I saw last time. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



    Thanks!
  • Watertight
    edited May 2011
    Thanks bswins and Khad--



    The site is Treasury Direct << www.treasurydirect.gov>>. You may not be able to observe all aspects unless you go through the account opening process -- intentionally not a trivial process.



    I'll look forward to seeing what you all determine.
  • khad
    khad Social Choreographer
    edited May 2011
    Aha! Thanks for the URL. I have now merged the two threads. Please see my posts above and let me know if you have any addditional questions or concerns. (I knew this sounded familiar.) <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



    Cheers,
  • Sounds like Safari (my browser) needs to get some Chrome (and maybe fancier tail fins).



    I think I'll wait this one out. An earlier comment about how this might tend to "dumb down" the security of a chosen password is exactly right. A bulletproof password in the mid-teens with plenty of mix in it is tough to transcribe into that virtual keyboard. On the other hand, this isn't a site that will get much activity for a while -- at least not at the rates that continue to be in effect!



    Thanks to all who opined.
  • khad
    khad Social Choreographer
    [quote]Sounds like Safari (my browser) needs to get some Chrome (and maybe fancier tail fins).[/quote]

    <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/laugh.gif' class='bbc_emoticon' alt=':lol:' />



    Thanks for the update! We will keep working to improve 1Password in [b]all[/b] supported browsers.