Hacker News new | past | comments | ask | show | jobs | submit login

I've found this to work pretty well in most cases, but there are some websites that don't semantically mark up their fields in a way the browser can recognize, and there's no way to manually trigger the password suggestion feature.



Worse, many sites -- notably banking sites -- reject secure passwords (no weird characters, no long passwords)


One of my credit cards requires a password no longer than 16 characters, no spaces, no special characters. They're only a few more restrictions away from just requiring that it be a significant birthday or something similar.


What is worse than rejecting is I know of one major site that would, at least used to, silently truncate long passwords. That was... frustrating.


I used to have an ATM card with an 8-digit PIN. When entering the PIN, I noticed the screen would flash after the fourth digit. Subsequently, I discovered I actually only needed to enter the first four. That continued until the bank got taken over by Bank of America in 2004. Suddenly, I needed to enter the whole PIN!


I think generally all it needs is a password field.

My Thai business banking system is paranoid and disables autocomplete, paste, etc, even with the security of a physical token), but the one that really annoys me is things like Basecamp - I had to futz around and disable JavaScript for a login to be recognised and prompt to save a password - by default it does an XHR which doesn't trigger the "save password" prompt.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: