Author Topic: Login Failure  (Read 9904 times)

Offline TomShay

  • Jr. Member
  • **
  • Posts: 12
Login Failure
« on: September 13, 2007, 07:17:02 PM »
I've been banging on this problem for a while trying to isolate it. I'm hesitant to enter this as a bug yet cause I might be the problem. I've been using PWM for some time and this is great work... Thanks.

I have two sites that if I use PWM on where it fails to login. I've generated the password and copied it to a text file. If I manually enter the PW in the login works. If I block copy it from the text file it works.... But if I use PWM it in any way it fails. If I let the first failure go by and redo the same process again on the Retry page with PWM it works. The first page and the retry pages are two different URLs.

One site is my banks (which I just locked myself out of playing with this). It takes me first to a URL like www.mybank.com. Where it always seems to fail if I enter it there using PWM, but does work with a manual or non-PWM block copy. On the RETRY page (a different URL... redirected to XXX.bankteller.com for example) PWM works. Both URLs are listed in the ACCOUNT SPECIFIC SETTINGS on the URL Tab in the patterns list.  *mybank.com* and *bankteller.com*.  Both URLs generate the same PW visually when I allow PWM to show me that PW.

What am I doing wrong? Ha...

Thanks a head of time. How to whine to the bank and beg to get back in.

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: Login Failure
« Reply #1 on: September 13, 2007, 07:50:15 PM »
Hi Tom,

I've been banging on this problem for a while trying to isolate it. I'm hesitant to enter this as a bug yet cause I might be the problem.
A bug is always a possibility, but more often than not what you are describing is operator error (and yours truly has subjected himself to lots of those kinds of errors, so no offense is intended)... :)

Quote
I've been using PWM for some time and this is great work...
Yeah, I couldn't live without it myself...

Quote
I have two sites that if I use PWM on where it fails to login. I've generated the password and copied it to a text file. If I manually enter the PW in the login works. If I block copy it from the text file it works.... But if I use PWM it in any way it fails. If I let the first failure go by and redo the same process again on the Retry page with PWM it works. The first page and the retry pages are two different URLs.

One site is my banks (which I just locked myself out of playing with this). It takes me first to a URL like www.mybank.com. Where it always seems to fail if I enter it there using PWM, but does work with a manual or non-PWM block copy. On the RETRY page (a different URL... redirected to XXX.bankteller.com for example) PWM works. Both URLs are listed in the ACCOUNT SPECIFIC SETTINGS on the URL Tab in the patterns list.  *mybank.com* and *bankteller.com*.  Both URLs generate the same PW visually when I allow PWM to show me that PW.
Ok, first, just fyi, the way you have those patterns is very insecure (subject to phishing attack)... you should always include the entire protocol portion, and the trailing slash, ie: "http://www.mybank.com/*"...

Second - from your description, it almost certainly is a problem with the first (login page) URL pattern - either that or their page is doing something really whacky. When you attempt to populate the password with PWM on the login page (the page that fails), how are you doing it? Coolkey/Alt-~? If so, is it actually using the proper Account settings, or the Defaults?

Another possibility - do you have the Tools > Options > Security > 'Remember passwords for sites' option checked (maybe it is interfering somehow)?

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Re: Login Failure
« Reply #2 on: September 13, 2007, 09:10:06 PM »
Can you give me the URL so I can test it and try to reproduce?

Offline TomShay

  • Jr. Member
  • **
  • Posts: 12
Re: Login Failure
« Reply #3 on: October 01, 2007, 04:05:54 PM »
Sorry I took so long to get back.

No offense taken Tanstaafl... Thanks for the suggestion, obvious now as I look at it.

I'm using the CoolKey not the short cut.  I've never have Firefox remember passwords and I don't see any saved.

Eric.... I'll send the URL via your Yahoo eMail account along with the patterns I'm using.

The bank is going through a re-organization and changed its URL to the first login page. My first reaction was to slap myself in the forehead. But after making the changes that Tanstaafl made and making sure it was generating the correct PW it still fails on the first login page. So I'm back to where I was before they changed the URL.

I double checked the password by allowing PWM to generate the PW in clear text and it does so correctly with no strange/extra characters. All the correctly upper and lower case letters and correct numbers.... AND it does so on both pages. First page fails and sends me to the second page (different URL) which works.

Tom

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: Login Failure
« Reply #4 on: October 01, 2007, 06:18:16 PM »
Quote
I'm using the CoolKey not the short cut.

Ok, so a dumb question, just to confirm...

When you use the coolkey, and the master password prompt window opens - it is using the Account Settings - meaning, you see the name of the custom Account you have created in the 'Name' column in the Master Password Prompt window, NOT the 'Defaults' settings - correct?

If so, then it must be some weird site-related bug...

Offline TomShay

  • Jr. Member
  • **
  • Posts: 12
Re: Login Failure
« Reply #5 on: October 02, 2007, 02:49:09 AM »
This is correct.... I see the account not the default. It does generate the correct PW that I can look right at when I have PWM place it in as clear text.

So many things we use without really looking. That first page is an HTTP so I'm assuming that I'm passing the user name and password in the open and this is a Bank???? The second screen used for original password re-entry after the first failure uses the different URL (I pass both URLs off to Eric via eMail) is secured so I just shot for the HTTPS site right off now. Works fine. Though it does not solve the riddle.

I assume that the Bank must have a page that they use to connect the initial user and password and then pass that off to the outfit that actually does the guts of the work. They are down in Dallas I understand.

FYI - I'm behind a Sonicwall firewall too. I've got it open to accept cookies and run scripts etc. and don't get any entries in the log that usually occurs if something is being blocked, etc.  I don't see what this might have to do with it as I can manually type in the same password that is generated and it all works.

I'll give some feed back on a second site.... my son's middle school has a site I can log into to check his work.... grades etc. I was having pretty much the same problem there too. On this site I'm having PWM enter both the user name and password... They gave us both and I don't have any choice on changing it.... so in this case I have PWM just enter them for me since this isn't a high security site for the most part.  Right now I just use PWM to remember both and I have to manual enter them. (I'll double check this since time has passed).  I can look right at what it is entering as clear text.... but no go unless I manually enter the stuff... I'll double check that in a moment and verify that I'm not out to lunch on that.... since it has been a while.

All of the other 30+ sites all work fine as advertised. Got me.

I'll double check the son's site in a second.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Re: Login Failure
« Reply #6 on: October 02, 2007, 04:40:58 AM »
I've figured out the problem. Tom, I hope you'll share the URL here so tanstaafl and others can try it for themselves. I don't want to post it for you.

First, the solution. Using CoolKey to populate the username and password works fine. I recommend you use that for now right after the page loads. There are three ways to activate CoolKey--toolbar button, keyboard shortcut (Alt-`), or right-mouse context menu item.

Secondly, you do not need to use the Advanced Auto-Populate tab. Just check Automatically populate username and password fields for sites that match this URL, enter the URL pattern as you have, and enter your username on the Extended tab.

Now here's the problem. The website loads, passwordmaker auto-populates the fields, but then the website reloads the login form. [The technical details: the website resets the content of the div named loginHolder. See the function toggleLogin() in file http://www.bank.com/jsInclude.js (domain name changed unless Tom chooses to publish it here).] To make matters worse, you don't even see that passwordmaker initially auto-populates the fields because the page hides the login form until the onload DOM event fires. You can see this in action if you refresh the page (cntrl-R) a bunch of times really fast. You'll see "Loading login..." in place of the form. The code which does this is the call to toggleLogin(0) at the bottom of the HTML page.

Why do they do this? Without spending a lot more time on this--because I can't change their website after all--it looks like they're trying to hide the login form until all images load...specifically the "ID" and "PASSWORD" images immediately to the left of the login form (yes, those are images and not text). In other words, they don't want two fields displayed before the associated field labels are displayed. Presumably this is for people on really slow internet connections who might be confused by seeing two fields without any labels next to them for a few seconds. In any case, I could be wrong about that--I really don't want to dissect their website any more than I have.

The only way to "fix" PaswordMaker so it auto-populates on page load for this site is to cause a delay in the auto-populate code. That is, I could add an extra option on the Advanced Auto-Populate tab that allows you to specify a configurable delay (in milliseconds) before the auto-populate code fires. After the delay, presumably the login form on this site will have finished reloading. All in all, however, it seems like an awful lot of work when all you need to do is press the CoolKey toolbar button, keyboard shortcut, or context-menu item. By the time you click on CoolKey, the login form has reloaded and auto-populate works.

If you're interested in me adding the configurable delay, let me know. It's actually not much work now that I'm in the guts of PasswordMaker's auto-populate.

Good night!
Eric
« Last Edit: October 02, 2007, 04:46:09 AM by Eric H. Jung »

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: Login Failure
« Reply #7 on: October 02, 2007, 10:33:19 AM »
First, the solution. Using CoolKey to populate the username and password works fine. I recommend you use that for now right after the page loads. There are three ways to activate CoolKey--toolbar button, keyboard shortcut (Alt-`), or right-mouse context menu item.

Hmmm... but he said above that he *was* using the coolkey... TomShay?

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Re: Login Failure
« Reply #8 on: October 03, 2007, 02:36:23 AM »
First, the solution. Using CoolKey to populate the username and password works fine. I recommend you use that for now right after the page loads. There are three ways to activate CoolKey--toolbar button, keyboard shortcut (Alt-`), or right-mouse context menu item.

Hmmm... but he said above that he *was* using the coolkey... TomShay?

CoolKey worked for me, but that was on my development instance. I should give it a try on my other instance.

Offline TomShay

  • Jr. Member
  • **
  • Posts: 12
Re: Login Failure
« Reply #9 on: October 07, 2007, 12:39:03 AM »
Thanks Eric,

No need to modify PWM. Especially just for one site and since I've got a work around that works just fine, don't bother.... for now at least.

FYI - I've been using the CookKey on the ToolBar and I haven't used the Advanced Autocomplete Tab..... On this site I manually load both the userID and use the CookKey (the gold key) on the ToolBar to generate and populate the password field.

Like I said before I found a work around by going their 'retry' page that they used for second tries (not the main page for the site). PWM works everytime. But again that page uses a different domain....

I think I emailed Tanstaafl the URL... Tanstaafl if you didn't get it and resend.... You are welcome to forward the URL to those that you think might need it.

If you'd like me to test any new release for this problem just let me know. Thanks again for the feedback.

Tom

Offline TomShay

  • Jr. Member
  • **
  • Posts: 12
Re: Login Failure
« Reply #10 on: October 07, 2007, 01:17:07 AM »
Eric,

Re-reading your message, I tried to login without using the CoolKey on the ToolBar and had PWM populate the field as using the "right mouse button" and selected "PASSWORD MAKER", "POPULATE THIS FIELD"..... the cursor was in the password field.

It worked just fine and seems to only fail with the CoolKey from the toolbar. I tried it a couple of times to make sure.

The plot thickens!  ???

Tom

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: Login Failure
« Reply #11 on: October 07, 2007, 01:57:32 AM »
I think I emailed Tanstaafl the URL... Tanstaafl if you didn't get it and resend....

If you sent it, I must have missed it... sorry...

PasswordMaker Forums

Re: Login Failure
« Reply #11 on: October 07, 2007, 01:57:32 AM »