Issue with Citi login


#1

I’m having trouble getting Kee to work properly with Citi sites. The main site I use is https://www.citi.com/credit-cards/citi.action but when Kee fills it out, it results in an invalid login attempt. I can let it fill in the password, but I have to manually fill in the username. If I have Kee do it, when I click in the box, the username is cleared, but when I manually do it then click in the box, it changes it to a us****me format and stays (isn’t cleared), and I’m able to login. I’ve tried whitelisting the various IDs present on that page but can’t get it working.

So then I tried https://online.citi.com/US/login.do which works once I get Kee to fill in the fields, but it’s a struggle doing that. I whitelisted the fields, but, even then, it still doesn’t fill them in automatically or even semi-automatically. First, the Kee icons don’t always appear in the fields, or at least they take a while to populate. Then, if I click the icon in the username field, it just disappears and nothing happens. So I have to click the one in the password field and select the KeePass entry, at which point it fills out the password but not the username. NOW, clicking on the icon in the username field fills that in, and then I can finally login. Clearly, there are some issues with how they have things set up, which is no surprise (I’ve never cared for their site), but it would be really nice if I could get at least one of the two working. I’d appreciate any help anyone can offer. Based on the behavior, you shouldn’t need an account to test it out. In case it matters, I’m using Waterfox 56.2.5 and Kee 2.3.19.1 on Win10.


#2

This topic might help you:


#3

Thanks. I’ve already seen and even posted in that discussion, but I don’t know if it’s related. It’s possible that once the change @luckyrat made makes its way to the stable build I’ll find that it works for one or both of these sites as well, or it might be a completely different problem.


#4

Then you can make a new thread. Though it would still be best to contain it in a single discussion.


#5

?? I did make a new thread: this one. I did so because I don’t know if it’s related to that or any other issue, and therefore didn’t feel it belonged as part of another discussion.


#6

I meant it would be best to not make a new thread unless it’s clear that the issue persits after being fixed.


#7

Ah, ok, that makes more sense. Well, they don’t seem quite the same, but also I didn’t realize that issue had been updated and there was a fix when I posted this one. When the fix becomes available, I’ll try to follow-up on this one.


#8

Yeah, no harm done - it’s just a lot of potentially related things happening in a short space of time. :slightly_smiling_face:

You can switch to the beta version to test the changes now by installing the signed beta XPI from https://github.com/kee-org/browser-addon/releases/latest


#9

Tried the beta, which does seem to have fixed eBay for me, but Citi logins (both sites) are still doing the same thing.


#10

Is the username stored in KeePass correct?

I just tried logging in and found that the page modifies the username (with the *s as you point out) before sending the form so Kee stores a version that contains *s rather than the actual username you would manually type in.

Once I put the correct username into the KeePass entry it seems to auto-fill correctly (obviously without an account I can’t confirm this).

This has been a rare problem for password managers forever and I’m not sure when or if it will be resolved. Short of writing special code for every website on earth (ha ha) the most promising idea I’ve considered so far will have a significant (probably crippling) affect on browsing speed and even then I’m not certain it will be possible to make such a complex solution reliable in all cases so work on that area is a low priority at the moment. On the plus side, this anecdotally appears to be an old fashioned approach to login form design so fewer and fewer websites are suffering in this way. As always, financial institutions are the slowest to upgrade to modern security best practice but hopefully they’ll all get there one day so the problem might just go away without further effort from us.


#11

The username is correct. I’ve checked it, but also if I copy it to the clipboard and paste it into the website it logs in correctly. That’s what I meant by doing it manually. And it also works on the second site; the issue there is that it doesn’t autofill when the page loads or even when triggering it through the icon in the username field, only through the one in the password field THEN the username one. So the username saved in KeePass is definitely not the problem, and it’s not being modified by the website.

What’s happening on the site (the first one) is that when KeePass semi-autofills the boxes (autofill only AFTER triggering via the icon, vs when the page loads, which it doesn’t do for this page), the username box still has the word “username” in it as well as the actual username, so the letters of the two words overlap each other. In other words, the field label isn’t cleared when the username is inserted automatically like it is when typing in the field. And when it does that, the login doesn’t work. When entering the username manually (typing or copying into the clipboard in KeePass then pasting it in), the word “username” is cleared, so the actual username is legible, though all but the first and last two letters of it are shown as *'s as a security measure. The username isn’t actually modified, it’s just obscured.


#12

I should add that the password field’s “Password” label text also isn’t cleared when KeePass fills it in, so it’s overlaying the passwords dots, but unlike the username field, clicking in the box doesn’t clear the entered password. It’s basically like the username isn’t sticking unless it’s manually entered. Maybe being filled in automatically doesn’t let the site manipulate it to mask it, and that affects it somehow.