Developers who prevent users from pasting text into a password field deserve a special place in hell.

Seriously what the fuck are they even thinking when they implement bullshit like that. Don't they know that password managers are a thing?

@HackyScientress they kind of do, and they hate them. They think that passwords should be stored in the brain, and that storing them anywhere else is unsafe. Looking at you, Steam!

Modern password managers have a mode for this reason that emulates password typing.

@lexi @HackyScientress There's password fields in VR where you can't paste, you can't see your password manager, you can't see your keyboard, and you can't even select letters with the joystick. You *have to* use the motion controls to point at the letters on a big floating keyboard that's over a meter away.

@bunny_jane @lexi Ahh. I think I downloaded it when I was still doing stuff with VR but never tried it out.

I'm really really wondering how one comes up with something like that. I mean that takes time to develop and just like, why??? They could just have implemented it with a launcher where you log in before the VR part starts. Basically the same way most MMOs handle logging in.

@HackyScientress @lexi To be fair I use it on my Quest, so that wouldn't work. But they could at least let you paste in from a password manager and use the thumbstick to select letters. I don't think I've ever seen a keyboard in VR that doesn't require you to use motion controls to point at far away letters.

@HackyScientress "best" excuse I heard, so far: "our password policy forbids users from saving their password" 😫

@HackyScientress At least still better than reading your clipboard automatically and inserting it into the password field + (probably sending any other clipboard content to a server).

@HackyScientress FWIW this became a thing because other apps could read the clipboard and get your password. However, so far CTL-v still works in every case I've found where right-click paste didn't, which makes me question those devs, and their management, even more.

@Xantulon oh no in that case that didn't work either. You can register an on_paste event handler on form fields in JavaScript and then discard the input, that's what the Square Enix devs did. You can easily remove the event handler with the dev console but it's still super annoying.

@HackyScientress imho some dedicated API which controls the access to apps' sensitive data (and delegates requests to the OS permissions system) could solve that problem, and also make the whole platform better from a security perspective.

@HackyScientress Password policies. The same reason that makes companies provide their users with RSA tokens to (aside from having 2FA) prevent people from storing credentials altogether.

@z428 @snaums Yeah policies like that are ridiculous. Hardware TOTP tokens are not a bad thing on the other hand IMHO.

@HackyScientress I think it's mostly a matter of trust and different threat models. Plus: Maybe it's not too bad considering that the most common "password manager" probably still is Chrome and Google Cloud... 😉

@HackyScientress LOL

The password concept is shitty anyway. It's one of the most shitty things ever in terms of cyber-security model anyway.

@HackyScientress I've come to believe that it is some bullshit "anti brute force" measurement but like super super low effort

@HackyScientress yeah one of the things that screams out to me for a hall of shame

> Don't they know that password managers are a thing?

- 99.99% of all computer users use the same password everywhere and it is also something available in the dictionary. Thus it can explain why.
- One attack vector is the cache where the data is stored when copied. Thus it can explain why. But anyway when you got malware to that point it's pretty much useless to have such bs function.

@HackyScientress Then there are the ones that you can autofill with a password manager, but disable the 'submit' because they don't think you've typed anything. So you need to delete one character and add it again manually.
