Search
Items tagged with: securitytheatre
In today's episode of 'website security theatre' we present the US Government's "TreasuryDirect" site.
They don't just disable copy-and-paste into the password field, they disable *keyboard entry* into the password field. You are required to click buttons on this virtual keyboard in order to enter your password. Kudos to them for making high-entropy random passwords difficult to use!
Oh, and the password is also case-insensitive, probably because implementing shift-key support in the virtual keyboard would have been too complex.