My mobile phone company recently redid their website. When I tried to log in to the new site - using my normal method, copy and paste the password out of KeepassX - I discovered that they have disabled clipboard access to the password input field via javascript.
I rang them up and the person on the other end told me that this was intentional and had been done for security reasons. I asked if he was aware of anyone else who had taken this step as I had never encountered it before (actually, I think I may have, but that was back in the 90s). He named some obscure gaming site. It seems to be that disabling the pasting of passwords could only really have a bad effect on security. I can see no mechanical benefit, a keylogger is going to be just as good at recording a manually keyed password as a pasted one, and forcing users to key in their password just about guarantees worse passwords. Can any linkers think of a reason why doing this would be a good idea? _______________________________________________ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
