And even if theres an app for Windows (https://github.com/jlaundry/TypeClipboard) that can type it for you and even has a shortcut.
I am sure someone in the linux world knows an equivalent tool.
We use it at work to paste long passwords when remoting in.
As a super secret dev hack may I introduce you to shift + insert a fair few sites specifically block ctrl + v instead of properly disabling the clipboard action and, of course, if you read this and then submit a Jira ticket to block shift + insert… well… h8u
I usually to in the developer tools and manually disable the thing preventing the paste action. It’s usually a string to remove some JS or something or an Event that you need to uncheck
Any password manager should be able to “type in” the password. Or be a browser plugin that doesn’t rely on copy pasting, but use other mechanisms to inject it directly into the field.
But yes, if that’s their online portal, I am not kidding I would change banks.
I had to create an account on a government website. The website didn’t list a character limit so I used a password manager to generate a 32 character password. My account was created but I couldn’t log in. I used the “forgot my password” option and I received an email of my password in plain text. I also noticed why I couldn’t log in. The password was truncated to just 20 characters. Brilliant website! Tax dollars at work!
At least it should not, in many countries must not, be the only measure.
I once encountered an OR in the requirements: Capital letters, small letters and digits OR special characters.
Sweden. The little keyfob thingies have been the thing for many decades here, I would guess ever since the dawn of internet banking, but I’d have to ask my parents instead of just assuming. I used to assume that was just normal for banks in the world at large. When you want to log in, the website gives you a code, you type the code into the fob and it responds with another code you type in to the website.
Nowadays they additionally offer login via BankID, a mobile app used throughout Sweden for personal online identification.
As a German, when living in Sweden, I was (and still am) very impressed, how widespread the use of (Mobile) Bank ID, beside the use of the personal ID number (As a male German, the state has assigned me at least three different ones without requiring any interaction.) for basically everything, is.
In Germany, before introducing a second electronic way of authentication for online (or phone) banking, it was done by a chosen password and a TAN (transaction number) from a list that you regularly got sent by mail in a special envelope. Later it was replaced by that “thingy”, a mobile TAN generator, or push TAN via SMS.
It was not special from the outside, but from the inside. It was either the envelope or the TAN list that was printed with a special pattern to prevent reading the list by using a flashlight.
OTP for 2FA has just started becoming common here (US) within the last decade I think. Each bank has its own separate app and many banks seem to limit password lengths to less than other websites.
It’s fucking insane that an internet banking portal has such a low cap on max characters and such shitty rule enforcement.
Their desktop site is even more shitty. It won’t allow right click or paste actions. There goes compatibility with password managers.
Bitwarden has a function where it types in (not pastes) the password and shows the prompt for it without right-click.
And even if theres an app for Windows (https://github.com/jlaundry/TypeClipboard) that can type it for you and even has a shortcut.
I am sure someone in the linux world knows an equivalent tool.
We use it at work to paste long passwords when remoting in.
On Mac you can use Hammerspoon and just create a shortcut to
hs.eventtap.keyStrokes(hs.pasteboard.getContents())As a super secret dev hack may I introduce you to
shift + inserta fair few sites specifically blockctrl + vinstead of properly disabling the clipboard action and, of course, if you read this and then submit a Jira ticket to blockshift + insert… well… h8uYou can also drag the password in from another text field instead of pasting
I usually to in the developer tools and manually disable the thing preventing the paste action. It’s usually a string to remove some JS or something or an Event that you need to uncheck
If you’re opening up the dev tools you can also paste your string directly into
<input value="" />unless something weird is going on.Aah… I completely forgot about that. Will try next time. Also yesterday I saw Shift + F10 will show the context menu. Yet to test it on this site.
Any password manager should be able to “type in” the password. Or be a browser plugin that doesn’t rely on copy pasting, but use other mechanisms to inject it directly into the field.
But yes, if that’s their online portal, I am not kidding I would change banks.
Visa has a hard limit of 8 and requires the first 4 to be numbers because the phone tree might require it as a password
The whole banking industry is ridiculous and is ridiculously legislated
USAA has 8-12 ONLY. My smallest memorized password algorithm is 13 characters, that I typically use for throwaways, doesn’t even fit.
The ERP software I have to use has a strict limit of 6 characters as password. Only alphabet and numbers allowed.
Maybe when I leave I try an SQL injection.
Bobby tables, noooooooo!
I had to create an account on a government website. The website didn’t list a character limit so I used a password manager to generate a 32 character password. My account was created but I couldn’t log in. I used the “forgot my password” option and I received an email of my password in plain text. I also noticed why I couldn’t log in. The password was truncated to just 20 characters. Brilliant website! Tax dollars at work!
They can’t even properly check their copy on critical infrastructure. Top notch work over there, top to bottom.
It is insane that any internet banking portal still uses a static password.
wdym? What’s a dynamic password?
A rotating code key - a lot of banks these days will give you a fob to enter a rotating proof of ownership off of along with your password.
A token?
At least it should not, in many countries must not, be the only measure.
I once encountered an OR in the requirements: Capital letters, small letters and digits OR special characters.
seriously, I’ve never seen a bank with password login to begin with. Every bank i know of uses physical devices that you type a code into
Never heard of this. Where is this at? :o
Sweden. The little keyfob thingies have been the thing for many decades here, I would guess ever since the dawn of internet banking, but I’d have to ask my parents instead of just assuming. I used to assume that was just normal for banks in the world at large. When you want to log in, the website gives you a code, you type the code into the fob and it responds with another code you type in to the website.
Nowadays they additionally offer login via BankID, a mobile app used throughout Sweden for personal online identification.
As a German, when living in Sweden, I was (and still am) very impressed, how widespread the use of (Mobile) Bank ID, beside the use of the personal ID number (As a male German, the state has assigned me at least three different ones without requiring any interaction.) for basically everything, is.
In Germany, before introducing a second electronic way of authentication for online (or phone) banking, it was done by a chosen password and a TAN (transaction number) from a list that you regularly got sent by mail in a special envelope. Later it was replaced by that “thingy”, a mobile TAN generator, or push TAN via SMS.
OMG the special envelope seems to make it specially easier for people to steal just the right mail
It was not special from the outside, but from the inside. It was either the envelope or the TAN list that was printed with a special pattern to prevent reading the list by using a flashlight.
I want this so bad now.
OTP for 2FA has just started becoming common here (US) within the last decade I think. Each bank has its own separate app and many banks seem to limit password lengths to less than other websites.