Wednesday 19 Jun 2013

Remember passwords on any website

stroke-itI explained in the previous article that some banks are very late in terms of security and an alphanumeric password that we never tape (because it is stored) is the best protection. The simple password, because we have to remember them or because they contain only numbers, are a big mistake.

Fortunately, there are two ways of storing passwords anyway on obsolete websites that disallow it.


~

Method 1, if you use Firefox:

This works with sites that use the attribute autocomplete="off" on the text fields. This is an attribute that doesn't officially exist but unfortunately the browsers take care of it. It prohibits the text to be stored and refuses autocompletion, so also to save the password in the browser.

You must use the DOM Inspector in Firefox and do "Find Node (Ctrl+F)", click one Attribute and write autocomplete. If none are found, that's because an other method is used, impossible to store ids in Firefox. Otherwise remove the attribute every time, then identify, Firefox should propose to memorize identifiers as usual.

~

Method 2, with StrokeIt:

The small software StrokeIt allows you to launch programs or do certain actions by drawing a letter with the mouse. Among these actions, there is a way to send keys and passwords (the difference is that the password is encrypted in the configuration file).

Prepare a new action with the letter of your choice to draw, and do "Send keys" and "Password". We may need to insert a pause for sites that request the username first, then the password, it is possible with StrokeIt!

stroke-it-config


So, in a mouse gesture, you are logged on to your bank or other sensitive site, without having to type your password on the keyboard. This avoids the password to be captured by these kinds of viruses called keyloggers that logs everything you do.

But it would be so much easier if the site just allows to save it! In addition, if the form was more standard and available (for mobile browsers, disabled...) it would be perfect, but don't ask too much to banks. Apparently you have to be a bad developer to work in a bank.

~

There are only codes with numbers to type with the mouse on a virtual keyboard that I can't find a solution. This type of identification is yet the worst and offers virtually no security!


cafĂ© Did this article help you? 
Buy me a coffee!

Leave a comment (all comments are moderated, don't waste time with spam)

Azure Dev