I know this crops up periodically: Can LP have the feature to allow users to select specific characters from a password, rather than having to display the entire password and work it out manually?
And I do understand the reluctance, the hope that banks across Europe in particular who use this practise will stop doing so in the interests of better security.
Since the last time I looked into this, two more of the banks I use have implemented this method. So I'm going to try again to make the case, taking into account all the criticisms that I'm aware of.
What I currently do when I have to log in to my bank which uses partial passwords is to copy my full password to the clipboard (security risk #1), and paste it somewhere (security risk #2). I then cursor through it to find the characters I've been asked for (which is somewhat error prone on a long password) and enter them into the site. That's the baseline, and it's one which LP could, if it chose to, rise considerably above.
Now consider a site (hopefully not a bank!) that only allows an 8 character alpha-numeric password. LP doesn't refuse to help and tell me I should complain to the site and then take my custom elsewhere. It does the best it can, ensuring I at least have a random unique password for that site which never sits in the clipboard or in full view.
There's no debate that the banks are the problem here, but neither I nor LP can change that. LP could at least make it possible for me to use a secure, lengthy, unique password which never goes to the clipboard or on display in full, though, which would be a big improvement on where I am now.
So is this a definite "won't fix on principle"? Or can we have a debate about the best/simplest way to improve on the status quo?