Kevin P. FlemingJan 28, 2023

In today's episode of 'website security theatre' we present the US Government's "TreasuryDirect" site.

They don't just disable copy-and-paste into the password field, they disable *keyboard entry* into the password field. You are required to click buttons on this virtual keyboard in order to enter your password. Kudos to them for making high-entropy random passwords difficult to use!

Oh, and the password is also case-insensitive, probably because implementing shift-key support in the virtual keyboard would have been too complex.

#Password #SecurityTheatre

Show threadSteve1981
@kevin
My guess would be that is an interface to a 3270 emulator, and the developer can no longer count on modern keyboards to replicate all the IBM PC/AT signaling.
Jan 28, 2023 at 6:21pmWeb