Developers who prevent users from pasting text into a password field deserve a special place in hell.
Seriously what the fuck are they even thinking when they implement bullshit like that. Don't they know that password managers are a thing?
@HackyScientress they kind of do, and they hate them. They think that passwords should be stored in the brain, and that storing them anywhere else is unsafe. Looking at you, Steam!
Modern password managers have a mode for this reason that emulates password typing.
@lexi @HackyScientress There's password fields in VR where you can't paste, you can't see your password manager, you can't see your keyboard, and you can't even select letters with the joystick. You *have to* use the motion controls to point at the letters on a big floating keyboard that's over a meter away.
I'm really really wondering how one comes up with something like that. I mean that takes time to develop and just like, why??? They could just have implemented with a launcher where you login in before the VR part starts. Basically the same way most MMOs handle logging in.
@HackyScientress @lexi To be fair I use it on my Quest, so that wouldn't work. But they could at least let you paste in from a password manager and use the thumbstick to select letters. I don't think I've ever seen a keyboard in VR that doesn't require you to use motion controls to point at far away letters.
@HackyScientress "best" excuse I heard, so far: our password policy forbids users from saving their password" 😫
@HackyScientress At least still better than reading your clipboard automatically and insert in into thr password field + (probably sending amy other clipboard content to a server).
@HackyScientress FWIW this became a thing because other apps could read the clipboard and get your password. However, so far CTL-v still works in every case I've found where right-click paste didn't, which makes me question those devs, and their management, even more.
@HackyScientress imho some dedicated API which controls the access to apps sensitive data (and delegates requests to the os permissions system) could solve that problem, and also make the whole platform better from security perspective.
@HackyScientress I think it's mostly a matter of trust and different threat models. Plus: Maybe it's not too bad considering that the most common "password manager" probably still is Chrome and Google Cloud... 😉 @firstname.lastname@example.org
The password concept it shitty anyway. It's one of the most shitty thing ever in terms of cyber-security model anyway.
@HackyScientress I've come to believe that it is some bullshit "anti brute force" measurement but like super super low effort
chaos.social – a Fediverse instance for & by the Chaos community