If I may, I have a question that was inspired by using password managers.
Does anyone see any security issues with supporting on a website allowing the user name and password to be entered together in one field? The normal way of entering the user name into one field and the password into another would continue to work. The site would simply check and if the user name field content is blank, and the password field content has a space in it, the password field content will be assumed to actually be the user name and password together, separated by a space.
The idea here is that you'd then be able to enter both the user name and the password with a single copy/paste operation. This would be convenient when using a password manager on an iPad. I sometimes get tired of having to do this:
1. unlock password manager
2. copy user name
3. switch to browser
4. paste user name
5. switch back to password manager
(If using most paranoid security settings, insert another step of "unlock password manager")
6. copy password
7. switch to browser
8. paste password
If the website supported my single-field option, I could just set the password manager to stop the computer user name and password is the password field, and then it is only unlock/copy/switch/paste.
I believe that instead of messing around with a known standard (username + password fields), it would be better if web services would implement two-factor authentication. Password managers would become useless then, because you would be able to use simple passwords that you may remember, while being even more secure.
Does anyone see any security issues with supporting on a website allowing the user name and password to be entered together in one field? The normal way of entering the user name into one field and the password into another would continue to work. The site would simply check and if the user name field content is blank, and the password field content has a space in it, the password field content will be assumed to actually be the user name and password together, separated by a space.
The idea here is that you'd then be able to enter both the user name and the password with a single copy/paste operation. This would be convenient when using a password manager on an iPad. I sometimes get tired of having to do this:
1. unlock password manager
2. copy user name
3. switch to browser
4. paste user name
5. switch back to password manager
(If using most paranoid security settings, insert another step of "unlock password manager")
6. copy password
7. switch to browser
8. paste password
If the website supported my single-field option, I could just set the password manager to stop the computer user name and password is the password field, and then it is only unlock/copy/switch/paste.