In today's episode of 'website security theatre' we present the US Government's "TreasuryDirect" site.

They don't just disable copy-and-paste into the password field, they disable *keyboard entry* into the password field. You are required to click buttons on this virtual keyboard in order to enter your password. Kudos to them for making high-entropy random passwords difficult to use!

Oh, and the password is also case-insensitive, probably because implementing shift-key support in the virtual keyboard would have been too complex.

#Password #SecurityTheatre

Kevin P. Fleming (@[email protected])

KM6G Mastodon