Oh, sorry, you meant actual hieroglyphics. They’ve just gone to multiple Xs per keystroke these days. I’m barely ever in that software as we just use part of it for document control.
I got so annoyed about that that I switched from TurboTax to HR Block this year. They don’t do that.
If any one from Intuit sees this, that policy actually just cost you money.
Unrelated to that specific issue, but based on other changes in my life and the world, I’m about 99% sure that Intuit got my last dollar for the TY24’s TurboTax. I’ve been using them since IIRC early 1990s, but they’ve outlived my willingness to put up with their shit.
The PW stuff is just one more brick in their wall.
Oh it’s definitely still a threat. See what can be done at close range with readily available, off the shelf gadgets: https://youtu.be/OPckpjBSAOw?t=119
Then imagine what malicious governments and other organizations can do.
That’s strange, because I had to log in to Intuit to activate my copy of TurboTax recently and there’s no way I manually typed in my randomly-generated saved password.
Maybe they don’t allow pasting, but they do allow auto-filling from the saved passwords within the browser or password manager?
Note I’m talking about using the old fashioned actual .exe version of Turbotax installed on your hard drive, not the browser-based online version of Turbotax.
Did you try to download your 1099s into your return from some third party site (e.g. Vanguard) using Turbotax’s interface? That’s the place where IME they want you to provide your e.g. Vanguard username and Vanguard PW, but won’t let you paste in the PW from a PW manager. And the next issue is the PW manager doesn’t recognize that screen in the app as something can it fill out directly. You’re not in a browser.
LSLGuy is correct. They don’t let you paste a password in the actual program. They don’t (Not that they won’t try, I’m sure) control the browser.
That nosnense is why I created a little AutoHotkey Script that just accesses the clipboard and sends simulated keystrokes.
I find I run into it more with pin numbers, though. When they send you a pin in your email, but set up the system where they have a box for each letter, and they don’t set it up where pasting in the first box fills up the rest.
As a web software developer, this stupid example of stupid “security by stupidity” really bugs me with, well.. the stupidity.
I mean, I am not sure where to start. It relies on client-side javascript, which I can disable. It is browser specific, some browsers do not use javascript (Lynx, an older browser aimed at blind people, for example). It is at best security theatre, because that OTP got to me via a “secure” channel, either email or cellular service, so it is merely an effort to kick the can down the road when something goes wrong.
I have nothing against 2FA (Two factor authentication) … just this stupid implementation.
Gah! I hate these pointless non-user-friendly bullshit additions to the web.
I’ve also noticed a more frequent choice of having the password entry be visible (a little eyeball icon type thing).
But yes, blocking pasting of passwords or confirmation numbers is a PITA. (Then again there’s the peculiarity when you are entering a site via the mobile app, where the 2FA code will be sent to the very same mobile you are using, and at least in iOS it is already preprogrammed to copy-and-get-ready-to-paste the code).
Little known fact: more patients than ever are dropping dead in their physicians’ office undetected, while the doc is focused on their laptop screen, filling out mandatory forms and looking up lab results.
Oh man, yes. I have two fingers on my left hand that are going numb (it’s a nerve thing) so that makes it worse. Work requires the whole sheeebang for passwords. 14 characters, upper, lower, special character and numbers. I finally came up with a system for myself to remember the damn thing, it’s based on song lyrics.
In modern Windows (since ??), there is no text inside those fields. The password is held as a SecureString, which in modern Windows (since ??) is not simple. When you view the text (which can only be done while the input has focus), the value is decrypted for you on-the-fly.
In old windows you had to use the ‘simple useful app’ to get the text because there was no other way to display it, and you could use the ‘simple useful app’ because the text value was linked to the password dialog.
Anyway, what it means is that there is a secondary value for password dialogs with those dots: they are built differently than other kinds of text-entry dialogs.
Johnny Carson : “I did not know that”