this post was submitted on 07 Jan 2025
855 points (99.5% liked)

memes

[–] Irelephant@lemm.ee 3 points 2 hours ago (1 children)

I use "don't fuck with paste", a browser extension.

[–] Hossenfeffer@feddit.uk 2 points 2 hours ago

Nice one, so do I now!

[–] udon@lemmy.world 1 points 3 hours ago

"welcome" :)

[–] nucleative@lemmy.world 10 points 8 hours ago (2 children)

My bank uses a TOTP and they not only block paste, they also block all typing. Instead they pop up a modal with a 0-9 digit keypad and the location of each number changes every time.

Effing obnoxious.

[–] Shapillon@lemmy.world 5 points 2 hours ago* (last edited 2 hours ago) (1 children)

That's a security standard preventing keyloggers from guessing your credentials.

[–] nucleative@lemmy.world 2 points 2 hours ago

The TOTP changes every time. For modern TOTP hashing I'm not sure how many sequential codes a keylogger would need but I'm guessing more than I will ever enter.

Edit, asked ai for an answer to that because I was curious (maybe it's right):

Start AI

That being said, if an attacker were able to collect a large number of TOTP codes, they might be able to launch a brute-force attack to try to guess the private key. However, this would require an enormous amount of computational power and time.

To give you an idea of the scale, let's consider the following:

  • Assume an attacker collects 1000 TOTP codes, each 6 digits long (a common length for TOTP codes).
  • Assume the private key is 128 bits long (a common length for cryptographic keys).
  • Assume the attacker uses a powerful computer that can perform 1 billion computations per second.

Using a brute-force attack, the attacker would need to try approximately 2^128 (3.4 x 10^38) possible private keys to guess the correct one. Even with a powerful computer, this would take an enormous amount of time - on the order of billions of years.

[–] kungen@feddit.nu 4 points 8 hours ago (1 children)

Bank developer played too much RuneScape?

[–] cm0002@lemmy.world 4 points 7 hours ago

Lmao I was just about to comment, their bank must have hired a UX designer from Jagex lol

[–] laserjet@lemmy.dbzer0.com 12 points 13 hours ago (4 children)

My impression from when I've encountered this is that it is an attempt to repel bots.

Speculating/knowing about the reason doesn't help when I'm confronted with having to input the password *6mA*P7CCuVyHo8kh%x34!63wm23&uhzSMY3Xy3$*8^%7j$VeH^7

[–] Irelephant@lemm.ee 1 points 2 hours ago

if you use KeePassXC, what about autotype? I could never get it to work but idk.

[–] nucleative@lemmy.world 8 points 8 hours ago

Bots don't paste. If it is a Selenium-related bot it would inject the value or type out each keypress.

It only causes real users pain

[–] MouldyCat@feddit.uk 11 points 11 hours ago

My impression from when I’ve encountered this is that it is an attempt to repel bots.

hmm bots don't use keyboard or mouse copy & paste so I don't see how that makes sense?

my impression is this is just stupid product managers who don't understand why it's a bad idea to force all your users to manually type out their passwords or email addresses just because of the 0.1% of people who would copy and paste one with an error in.

[–] JasonDJ@lemmy.zip 3 points 12 hours ago* (last edited 12 hours ago)

Weird, that's one character off from my Paramount+ password. I know from typing it on every fucking STB and console that I own and painstakingly quadruple-checking each character when it fails.

You'd think I'd just change to a passphrase but nah. Ain't nobody got time for that. Too busy ranting about user unfriendly problems that shouldn't exist in modern STB apps.

[–] laurelraven@lemmy.zip 10 points 14 hours ago (1 children)

Let's be real, though, it's not the dev we should be mad at but some suit who thinks they know security demanding it be done that way

[–] Dagwood222@lemm.ee 2 points 2 hours ago

Most of the problems in the modern world could be solved if the front line people could talk to each other directly.

Suits are the bottleneck.

[–] big_fat_fluffy@leminal.space 5 points 14 hours ago (2 children)

On a similar note, my mobile Lemmy client won't let me copy text. Can't even select it.

[–] A7thStone@lemmy.world 4 points 13 hours ago (1 children)

If you are using Voyager you can hold down on the comment or hit the three dot button and you'll get a menu that gives you a "select text" option. I was annoyed by that until I found it.

[–] AnUnusualRelic@lemmy.world 2 points 3 hours ago (1 children)

I eventually found it as well. I'm still a bit annoyed. It's not very convenient.

[–] TriflingToad@sh.itjust.works 1 points 2 hours ago

I can do this on my phone and it's easier than the select text button


still annoying though

[–] ChaoticNeutralCzech@feddit.org 2 points 13 hours ago (2 children)
[–] big_fat_fluffy@leminal.space 1 points 9 hours ago (1 children)
[–] ChaoticNeutralCzech@feddit.org 2 points 9 hours ago* (last edited 8 hours ago) (2 children)

You actually have multiple options. They all work for posts and comments.

  • ⋮ / View Source
  • Reply (above the text field, the source of the parent post/comment is visible and selectable)
  • ⋮ / Copy / Copy Comment Text (for a copy-all operation, obviously; you can also copy permalinks, post titles and URLs)

How did you not notice? Also, it's expected behavior that you can't just copy text from the comment view, and making it work with rendered Markdown would be difficult.

[–] big_fat_fluffy@leminal.space 1 points 2 hours ago (1 children)

Those are rather awkward options. Standard functionality is preferable, even with loss of markdown.

I think it's a detail that the dev just hasn't yet addressed.

[–] ChaoticNeutralCzech@feddit.org 1 points 7 minutes ago

This is not standard functionality, dude. Very few Android apps make comments etc. selectable in the default view.

Most people prefer swipe gestures and hold-for-context-menu, and Markdown rendering is important. Have you tried to follow a table in non-rendered MD?

[–] victorz@lemmy.world 1 points 8 hours ago (1 children)
[–] ChaoticNeutralCzech@feddit.org 2 points 8 hours ago (1 children)

They might be new to Lemmy, the account is less than 2 weeks old... but I always snoop around the options of apps soon after I install them. My phone can't send an ICBM launch order so it's usually fine but I don't know about theirs.

[–] victorz@lemmy.world 1 points 3 hours ago

I always snoop around the options of apps soon after I install them

I'm the same. Always looking to get the full experience out of stuff I use.

My phone can't send an ICBM launch order so it's usually fine but I don't know about theirs.

lol what, is this a thing?

[–] victorz@lemmy.world 1 points 13 hours ago (1 children)
[–] Anticorp@lemmy.world 28 points 23 hours ago (1 children)

Especially for things like account numbers. No, you're not increasing security, you idiots, you're increasing human error!

[–] JasonDJ@lemmy.zip 2 points 12 hours ago (1 children)

Yep. It's always when I'm adding a payment method to like a credit card or something.

The ones that are web-based and block password vault auto fill...on desktop...those really grind my gears.

Also, is it me, or is Android really bad about detecting when something is a username/password field and the vault auto fill should be suggested?

[–] Anticorp@lemmy.world 1 points 12 hours ago* (last edited 12 hours ago)

It's pretty bad. I get the pop-up for a lot of incorrect fields.

[–] BobTheDestroyer@lemm.ee 26 points 23 hours ago (2 children)

It isn't right you need an extension for it, but here we are. Don't F*** With Paste

[–] rimjob_rainer@discuss.tchncs.de 3 points 14 hours ago (1 children)

using chrome in the first place

[–] JasonDJ@lemmy.zip 3 points 12 hours ago

using characters that need to be escaped in your plugin's name

[–] hessenjunge@discuss.tchncs.de 13 points 20 hours ago (1 children)

On Firefox it is some setting under about:config, no need for an extension.

[–] frosty@pawb.social 9 points 15 hours ago (1 children)

dom.event.clipboardevents.enabled

[–] MouldyCat@feddit.uk 1 points 11 hours ago

Sadly this doesn't work reliably - an increasing number of sites still manage to block it. Also it prevents other sites from working properly.

[–] __init__@programming.dev 54 points 1 day ago (2 children)

I ran into this when trying to paste my generated password into the password field on some kind of financial site and I think it is still the most egregious case of security theater I’ve seen yet.

Anyway, you want the “don’t fuck with paste” extension, available on both chrome and firefox.

[–] maccentric@sh.itjust.works 44 points 1 day ago* (last edited 1 day ago) (4 children)

You don't need this - In about:config, set dom.event.clipboardevents.enabled to false. No Addon needed.

[–] urheber@discuss.tchncs.de 7 points 23 hours ago (1 children)

no, that's another layer down. hell + ultra
