are online companies breaking password manager?

My credit card company's online login page changed in
design recently and now I have to manually type
my username and password into the form to get in.
Mozilla Password manager will not fill in the
form. Since the new designed page is on a different
URL, I deleted the old entry from password manager
thinking mozilla would query for adding the
new URL as a login form, this never happened and
I have to type the login in. I'm thinking that
the new design hides the "user id" and "password"
strings as a small image so mozilla can't recognize
it's a login form? How else would this happen?
I'm guessing banking companies have decided they
don't like Password managers.
I'm using mozilla 1.7.12 on Fedora core 4

Mark

On Sat, 25 Feb 2006 20:52:20 GMT, MrC <spamno@notmore_spam_.com> wrote:

>My credit card company's online login page changed in
>design recently and now I have to manually type
>my username and password into the form to get in.

More to the point -- are you not concerned that somebody can access
your credit card details by visiting their site on your computer?

My Internet banking access requires AccessID, PIN and Authentication
Key from a hardware keytag device -- that way even if a login session
was captured it cannot be replayed as the authentication key will
not be valid.

> I'm thinking that
>the new design hides the "user id" and "password"
>strings as a small image so mozilla can't recognize
>it's a login form? How else would this happen?

Dunno, I disable password managers. Doesn't surprise me they'd
try to sidestep them, I take it 'view source' doesn't tell you
much?

>I'm guessing banking companies have decided they
>don't like Password managers.

They're non-secure, and too many people are being burned by
(windoze) keystroke loggers, etc.

>I'm using mozilla 1.7.12 on Fedora core 4
Shouldn't matter -- this is (or should be) OS and browser neutral.

Grant.
--
.... The computer scientist, who had listened to all of this said,
"Yes, but where do you think the chaos came from?"

Grant wrote:

> On Sat, 25 Feb 2006 20:52:20 GMT, MrC <spamno@notmore_spam_.com> wrote:
>
>>My credit card company's online login page changed in
>>design recently and now I have to manually type
>>my username and password into the form to get in.
>
> More to the point -- are you not concerned that somebody can access
> your credit card details by visiting their site on your computer?

Not really, my computer's in the basement of my house and I'm the
only one living here... I don't think I have to worry too much
about strangers typing away at my PC. My firewall and how I
use my DSL is pretty secure (Ipcop 1.4.10 on a dedicated firewall
box, I turn off the connection when I'm not online (I don't do the
24/7 DSL thing) and I've scanned it to verify it's fully stealthed.
I also have no services running to the outside (ssh on the green
side of the network only).

> My Internet banking access requires AccessID, PIN and Authentication
> Key from a hardware keytag device -- that way even if a login session
> was captured it cannot be replayed as the authentication key will
> not be valid.

My CCard site uses plain SSL username / password

>> I'm thinking that
>>the new design hides the "user id" and "password"
>>strings as a small image so mozilla can't recognize
>>it's a login form? How else would this happen?
>
> Dunno, I disable password managers. Doesn't surprise me they'd
> try to sidestep them, I take it 'view source' doesn't tell you
> much?

I'm not a javascript/netbeans or whatever expert

>>I'm guessing banking companies have decided they
>>don't like Password managers.
>
> They're non-secure, and too many people are being burned by
> (windoze) keystroke loggers, etc.
>
>>I'm using mozilla 1.7.12 on Fedora core 4
> Shouldn't matter -- this is (or should be) OS and browser neutral.
>
> Grant.