Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API

From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
eo287538372yLately I've been taking advantage of my password manager... so some of my passwords are 64-character long Unicode strings 🤣 I'd hate to have to type that
-
@eo2875 I still go with 32 at most because otherwise either I'm lucky it supports up to 32 chars at all and doesn't let me input any more or "accepts" the password up to the limit and just drops everything I input without telling anything.
-
I think the reason is not hackers but to "protect" the users by patronizing them.
Still retarded. -
ah yes, those "hackers" that just send the POST request through something like Curl :^)
-
The real scandal is, that you tried to login on an EA site.
Long gone are the days of the original Electronic Arts which made some of the best games of their time. Today, they are known as the megacorp of gaming - with "megacorp" having a rather dystopian connotation... -
Jilano285862yTake advantage of the autotype feature of KeePass, mate! That'll work everywhere, even on launchers.
-
galena63452y@eo2875 I expect that these will get cut down to 32 or less characters by some sites/apps...
-
@linuxxx Curious, not arguing...
Can you explain a threat model where not allowing pasting of a password into a password field would prevent an attack?
If you're worried about brute-force attacking, limit failed logins or rate limit attempts.
No? -
@JustThat Any third party (or a compromised server) injecting JavaScript which would trigger on 'pasted' data and transmitting this to the attacker. Or stuff similar to this.
In most cases this won't be an issue but again, when you're facing state actors, I would not want to enable any form of data copying/pasting. Pretty much limiting as much not-directly-under-controp data handling.
Or simply some data stealing addons working this same way?
That's how I'd fuck over people using password managers 😄 -
@linuxxx Would that same code not work as a key logger and pick up anything typed?
I mean, why limit it to paste actions?
Also, as stated, some password managers actually type into the field and do not paste. -
@eo2875 i once set my windows password to be the first paragraph from a short story i wrote.
it was a bit annoying to log in. -
h4xx3r17572yI had such experience with some "enterprise" software, every time it got me, and the annoyance followed
Related Rants
Disabling pasting into a password field in 2020 with password managers, is retarded. That's it that's the rant. Doesn't matter if you think password managers are good or not. Its still retarded that there's a 40 something year old dumbfuck manager who told a web designer at EA to disable pasting into a fucking password field because he was dumb enough to think it stopped hackers or some shit like that.
rant
ea