Some times we are asked how 1Passwd can handle web sites that have multi-page logins. Often these are financial sites such as banks and brokerage sites. With the ever increasing scrutiny on corporate security procedures, many of these institutions have decided to implement new types of security measures. A multi-page login to their web sites is one of the most popular of the new procedures. They have also resorted to asking "random" questions that are not so random as they only have a limited amount of information on you. While I believe it would be much better if they just required two or three 32 character passwords this would not be convenient for a lot of people. (of course 1Passwd users could handle this easily)
Until banks change their login procedures or we figure a way to make 1Passwd better at dealing with these sorts of things, the workaround is to save multiple forms for the site. While this may sound like a real pain, it really isn't that bad and once you have the few random questions saved it can be quite fast to restore with the ⌘-\ keyboard shortcut.
As a follow up to the forum thread about this topic I will walk through an example. The following screenshots have been censored to protect the name of the financial institution as well as my personal information. So without further delay, I am going to jump right in.
Here I am presented with the login screen to one of my bank accounts:
It asked for my username and the answer to the random question. In order to have 1Passwd handle this you need to save a form for each possible random question. Since I have already done a few for this site already, I use the ⌘-\ (Command-\) keyboard shortcut and 1Passwd pops up a window with a choice of matching web forms for this site:
Notice in the image above that the correct one in this case has the most red bars? In this case, 1Passwd is guessing the correct one so I simply pick the top one and I am then presented with the second login page:
This page shows my username and a trust word. The trust word could also be a site key or graphic and is designed to make sure that you are indeed at the right place. However, phishing sites can exploit these as well so never trust these alone. Always look at the URL in the address bar and never click on links from e-mail to get to your accounts. The second page only requires a single form. So I hit ⌘-\ again and am presented with the choices:
1Passwd once again has the correct one at the top of the list. I select it and I am logged in.
My experience has show that there are usually no more than 5 or 6 "random" questions so you will normally end up saving a total of 6-7 web forms for a site like this. I save each of the random questions as I go along so it really is not that time consuming. First, I use ⌘-\ to restore the form and if I do not have a match for that random question, I manually save a new one. Even with the little bit of effort required to do this, it still saves a lot of time when logging in. Plus, since I used 1Passwd to generate a very long and cryptic trust word for the second page, it is VERY secure!
This will not work in every single case so your mileage may vary. For example, if the bank uses a virtual keypad composed of images or other types of purely visual options (images) you will not be able to use 1Passwd to handle them. However, I think the above example covers a vast majority of the cases and is certainly applicable to any type of site with a multi-page login.
