Re: are online companies breaking password manager?

Grant wrote:

On Sat, 25 Feb 2006 20:52:20 GMT, MrC <spamno@xxxxxxxxxxxxxxxxx> wrote:

My credit card company's online login page changed in
design recently and now I have to manually type
my username and password into the form to get in.

More to the point -- are you not concerned that somebody can access
your credit card details by visiting their site on your computer?

Not really, my computer's in the basement of my house and I'm the
only one living here... I don't think I have to worry too much
about strangers typing away at my PC. My firewall and how I
use my DSL is pretty secure (Ipcop 1.4.10 on a dedicated firewall
box, I turn off the connection when I'm not online (I don't do the
24/7 DSL thing) and I've scanned it to verify it's fully stealthed.
I also have no services running to the outside (ssh on the green
side of the network only).

My Internet banking access requires AccessID, PIN and Authentication
Key from a hardware keytag device -- that way even if a login session
was captured it cannot be replayed as the authentication key will
not be valid.

My CCard site uses plain SSL username / password

I'm thinking that
the new design hides the "user id" and "password"
strings as a small image so mozilla can't recognize
it's a login form? How else would this happen?

Dunno, I disable password managers. Doesn't surprise me they'd
try to sidestep them, I take it 'view source' doesn't tell you
much?

I'm not a javascript/netbeans or whatever expert

I'm guessing banking companies have decided they
don't like Password managers.

They're non-secure, and too many people are being burned by
(windoze) keystroke loggers, etc.

I'm using mozilla 1.7.12 on Fedora core 4
Shouldn't matter -- this is (or should be) OS and browser neutral.

Grant.

.