Kevin P. FlemingJan 28, 2023

In today's episode of 'website security theatre' we present the US Government's "TreasuryDirect" site.

They don't just disable copy-and-paste into the password field, they disable *keyboard entry* into the password field. You are required to click buttons on this virtual keyboard in order to enter your password. Kudos to them for making high-entropy random passwords difficult to use!

Oh, and the password is also case-insensitive, probably because implementing shift-key support in the virtual keyboard would have been too complex.

#Password #SecurityTheatre

Show threadkrakalak  
@kevin Without a doubt the most security oriented financial site I've ever used.
I just wish they spent a little more time with properly formatting a downloadable 1099. What a mess 🙄
Jan 28, 2023 at 7:06pmWeb