On 10/24/14, 5:44 AM, Ed Leafe wrote:
> On Oct 23, 2014, at 9:45 PM, Paul McNett <p...@mcnettware.com> wrote:
>> My banks call it 2-factor auth, but here it is in a nutshell:
>> 1) enter your user name or member number, hit submit
>> 2) verify that the image and phrase match what you entered originally, enter
>> password, and submit.
>> I can get lastpass to save the member number for 1 and the password for 2, but
>> it doesn't auto-fill them for me no matter what I try, and once I have lastpass
>> fill them, I still have to click 'submit' myself.
>
> Yeah, that's not 2fa; that's 2-step auth, as Dan noted. On my BoA account, the
> browser saves the account ID on the first page, and LP fills in the password on
> the second. Yes, I have to verify visually that the image is correct, but then
> again, I *want* to do that! And I don't have to click anything, because the
> password field is auto-filled, and I just have to press Enter to log in.

This is exactly how it works with my BofA and with my old credit union,
and I was fine with it for the reasons you cite. But for my new credit
union I need to enter my member number on the home page (LastPass fills
this in 50% of the time for me, and submits the form 90% of the time for
me too) but then there's a pop-up password window and even though
LastPass recognizes the password field, it shows a little icon with '2'
there, I think saying that it has 2 possible records for this site and
so doesn't know which to auto-fill. So I need to click it, and then,
even though auto-fill is True, I still need to also press enter.
Now that I know my member number by heart, this isn't such an ordeal and
I should change my password. But due to their mobile app requiring me to
enter it (LastPass copy/paste is just too clicky) instead of a PIN, I'm
sort of back to square one because they are basically requiring that I
remember a password there.
A lot of sites work great with LastPass, including American Express.
Some banking sites appear to be trying to be more secure but are
actually making things less secure for at least some cases, like my
credit union case here.
Another site I use that doesn't work at all with LastPass is simple.com:
they had me make a pass phrase but now I'm supposed to type in that
whole phrase just to get logged off after 10 minutes and have to do it
all over again, and they've somehow disabled LastPass completely at
least on Safari. Their iOS app lets me save the pass phrase and locks
the app down with my PIN (and if the PIN is mis-entered too many times I
need to enter the passphrase again). At least they have that part of the
puzzle working for me. But I still think a LastPass-generated 32-byte
random password with all characters is superior to a pass phrase, where
I have a hard time remembering punctuation and capitalization, etc.
The irony for me is that I'm now in a situation where I have
LastPass-generated passwords for every site I have an account at, except
for my main banking site, where I'm using a short password I can
remember and type fast. At least someone that gets my password at a
non-critical site won't be able to use it at my banking site...
Paul