pikestaff
Member of DD Central
Posts: 2,133
Likes: 1,482
|
Post by pikestaff on Feb 16, 2017 8:05:46 GMT
...I have tried with both LastPass and Norton Vault, both fill in my username but not my password, so much the same as others have reported... KeePass works on my Win 10 PC. KeePassDroid works on my Android phone (though I'd not want to use RS's site on my phone).
|
|
n
Member of DD Central
Yet another Nick
Posts: 879
Likes: 461
|
Post by n on Feb 16, 2017 11:39:18 GMT
Strange. I use Firefox without any 3rd party password manager. It used to prefill username and password. Now I have to enter the username (copy & paste) then when I tab to password, Firefox completes it for me.
|
|
DeafEater
Member of DD Central
Extremely Moderate
Posts: 216
Likes: 292
|
Post by DeafEater on Feb 16, 2017 12:41:31 GMT
Strange. I use Firefox without any 3rd party password manager. It used to prefill username and password. Now I have to enter the username (copy & paste) then when I tab to password, Firefox completes it for me. Yes that was what Firefox WAS doing for me. Unfortunately shortly after the change occurred and this thread was in its infancy, I thought I might be able to restore the status quo by removing RS from the list of sites with stored credentials to make Firefox ask to store it again properly. It didn't. Now I'm also stuck typing both email address and password every time. Ho hum.
|
|
|
Post by gricehead on Feb 16, 2017 16:56:05 GMT
Somewhat strangely, Chrome on Android still autofills the username.
|
|
|
Post by yorkman on Feb 17, 2017 12:29:09 GMT
Zopa autofills first password and autofills with one of the three security questions. So mine is set to remember the longest of these and I only have two, short, proper place names to enter and NOTHING to remember. Yeh!
|
|
|
Post by bricktop on Feb 17, 2017 14:14:48 GMT
They have 2 factor authentication sending a pin to your mobile. I would have just enforced that on to all users.anyone not using 2 factor for any account these days is inviting a problem. So feel free to comment who doesn't use it 😂
|
|
|
Post by GSV3MIaC on Feb 17, 2017 14:59:18 GMT
A quote from RS support (which I assume they have no problem with me publishing) ..
"In regards to the security changes, as part of a new deployment to improve security, our technical team have removed the possibility of RateSetter customers saving the email address / password on the RateSetter login page.
This is an upgrade as part of enhancing account security for all our customers and is something will feel will dramatically improve the overall security of the platform.
In the meantime, to overcome the issue and ensure you still have easy access to your account, the option for you to remain logged into your account at all times is available in the account preferences section of the members site. By selecting account preference from the top of the page and again account preferences from the column on the left you are able to opt to remain logged in at all times using a particular device.
I hope this is helpful and do apologies for any inconvenience caused."
Won't be an issue (for me) for long, as I have initiated sellout anyway..
|
|
gnasher
Member of DD Central
Posts: 207
Likes: 146
|
Post by gnasher on Feb 17, 2017 15:19:28 GMT
This is completely barking mad and counter productive. We are constantly advised to make our passwords, especially those for financial sites/accounts, long, complex and meaningless, so they are unguessable - AND to have a different one for each account we have. Lets face it most people have multiple accounts so reliably remember all those long, complex and meaningless passwords is simple impossible, even for the young-uns let alone us old-b........s! Luckily there is a solution, use a password manager with one master password that will encrypt, store and deploy all the others as required - a great solution!
Then RS decides to stop all this secure nonsense and enforce it's users to go back to the bad old habits of simple easy remembered insecure passwords - brilliant! Well done RS.
Unless they reverse this then run-off and auto withdrawal is my solution.
|
|
jo
Member of DD Central
Posts: 727
Likes: 491
|
Post by jo on Feb 17, 2017 15:28:12 GMT
This is completely barking mad and counter productive. We are constantly advised to make our passwords, especially those for financial sites/accounts, long, complex and meaningless, so they are unguessable - AND to have a different one for each account we have. Lets face it most people have multiple accounts so reliably remember all those long, complex and meaningless passwords is simple impossible, even for the young-uns let alone us old-b........s! Luckily there is a solution, use a password manager with one master password that will encrypt, store and deploy all the others as required - a great solution! Then RS decides to stop all this secure nonsense and enforce it's users to go back to the bad old habits of simple easy remembered insecure passwords - brilliant! Well done RS. Unless they reverse this then run-off and auto withdrawal is my solution. Luckily, RS has a history of listening to users and being prepared to reverse corporate decisions. Oh wait, I'm thinking of someone else......
|
|
treeman
Member of DD Central
Posts: 1,026
Likes: 557
|
Post by treeman on Feb 17, 2017 17:29:16 GMT
This is completely barking mad and counter productive. We are constantly advised to make our passwords, especially those for financial sites/accounts, long, complex and meaningless, so they are unguessable - AND to have a different one for each account we have. Lets face it most people have multiple accounts so reliably remember all those long, complex and meaningless passwords is simple impossible, even for the young-uns let alone us old-b........s! Luckily there is a solution, use a password manager with one master password that will encrypt, store and deploy all the others as required - a great solution! Then RS decides to stop all this secure nonsense and enforce it's users to go back to the bad old habits of simple easy remembered insecure passwords - brilliant! Well done RS. Unless they reverse this then run-off and auto withdrawal is my solution. As someone mentioned upthread - try KeePass. Still working on RS login just fine
|
|
oldtimer
Member of DD Central
Posts: 211
Likes: 156
|
Post by oldtimer on Feb 17, 2017 17:49:25 GMT
If you use roboform you just need to use the fill forms from matching passwords. Works fine. What does not work is the go & fill option. Not a huge problem. You may have to input manually the first time and save as I think they have changed the form field names.
|
|
|
Post by bricktop on Feb 17, 2017 17:53:39 GMT
A quote from RS support (which I assume they have no problem with me publishing) .. "In regards to the security changes, as part of a new deployment to improve security, our technical team have removed the possibility of RateSetter customers saving the email address / password on the RateSetter login page. This is an upgrade as part of enhancing account security for all our customers and is something will feel will dramatically improve the overall security of the platform. In the meantime, to overcome the issue and ensure you still have easy access to your account, the option for you to remain logged into your account at all times is available in the account preferences section of the members site. By selecting account preference from the top of the page and again account preferences from the column on the left you are able to opt to remain logged in at all times using a particular device. I hope this is helpful and do apologies for any inconvenience caused." Won't be an issue (for me) for long, as I have initiated sellout anyway.. Really? That seems more than odd. However it puts the onus back on the user to make sure their device is secure. In an odd way that makes sense.....
|
|
oik
Member of DD Central
Posts: 254
Likes: 349
|
Post by oik on Feb 17, 2017 18:03:02 GMT
This is completely barking mad and counter productive. Agreed. I'm more concerned that they're showing just how totally clueless they still are about security than about any inconvenience. As you say, this measure is likely to be counterproductive particularly when they don't enforce the use of reasonably long and secure pws. It will encourage users to use shorter more memorable pws. So what does it say about the standard of security Ratesetter may have elsewhere in the system? I don't have the browser remember my very long pw, unused anywhere else, just the email address. Nor do I use pw managers. For many of their users the address they use to log into Ratesetter will be known by hundreds of people including friends and acquaintances, various companies, web-sites and forums - some less reputable than others. To have an email address known by all and sundry as half of the login process on a financial site is just potty. And then to believe that preventing the email address from being saved significantly adds to security is even pottier. The simplest and most obvous improvement would be to at least have usernames so that users could choose a different one from any used elsewhere. And if Ratesetter's website manager doesn't understand security they should get a decent consultant in to show them. That some other P2P sites may be just as clueless isn't much of an excuse.
|
|
gnasher
Member of DD Central
Posts: 207
Likes: 146
|
Post by gnasher on Feb 18, 2017 6:41:19 GMT
As someone mentioned upthread - try KeePass. Still working on RS login just fine Yes I did note that. However I already have 2 password manager installed and working fine. As these are absolutely essential for my online existence, I have all sorts of secure notes in there as well as passwords, I have a main system and a backup. I do not really want to set up another, it takes a lot of time to get everything loaded, and I am becoming less keen on RS for other reasons anyway.
|
|
gnasher
Member of DD Central
Posts: 207
Likes: 146
|
Post by gnasher on Feb 25, 2017 6:59:34 GMT
Update : I now find that the new Norton Identity Safe add on to Firefox does work with the RS login page. The original/normal version in Chrome et al does not work.
I have now completed my correspondence with RS on this subject and their last word is :
I understand the new process is less convenient, but the changes were implemented with the security of our user’s information in mind.
Based on feedback we’ve received, the process has been reviewed. In a forthcoming update we will reintroduce the auto-fill function for the email address part of the login page, but not the password.
|
|