Kevin P. FlemingJan 28, 2023

In today's episode of 'website security theatre' we present the US Government's "TreasuryDirect" site.

They don't just disable copy-and-paste into the password field, they disable *keyboard entry* into the password field. You are required to click buttons on this virtual keyboard in order to enter your password. Kudos to them for making high-entropy random passwords difficult to use!

Oh, and the password is also case-insensitive, probably because implementing shift-key support in the virtual keyboard would have been too complex.

#Password #SecurityTheatre

Show threadChris Conway

@kevin
I'm guessing you are fully capable of Googling this but, just for the record, make a bookmark with this as the URL and click it when you're on the login screen:

javascript:(function(){document.querySelector(".pwordinput").removeAttribute("readonly")})();

https://thefinancebuff.com/password-manager-i-bonds-treasurydirect.html

Jan 28, 2023 at 6:13pmWeb