• Stovetop@lemmy.world
      ↑ 45 · 4 months ago

      You can’t copy our JPEGs! That’s stealing! If you want to look at these JPEGs whenever you want, you need to register for an account and tag your favorites so we can monitor your viewing habits and sell your personality profile to advertisers and government entities!

    • 50MYT@lemmy.world
      ↑ 7 · 4 months ago

      Or training videos that pause if the window playing the video is not the last thing clicked on.

  • __init__@programming.dev
    ↑ 27 · 4 months ago

    I ran into this when trying to paste my generated password into the password field on some kind of financial site and I think it is still the most egregious case of security theater I’ve seen yet.

    Anyway, you want the “don’t fuck with paste” extension, available on both Chrome and Firefox.

    • maccentric@sh.itjust.works
      English · ↑ 23 · edited · 4 months ago

      You don’t need this. In about:config, set dom.event.clipboardevents.enabled to false. No addon needed.

      • __init__@programming.dev
        ↑ 1 · 4 months ago

        Nice, didn’t know about that one. I imagine there are side effects to disabling it globally though? Those goofy OTP code inputs implemented as six single-digit inputs jump to mind; they probably rely on the paste event. The extension works similarly but lets you only enable it for problematic sites.

        • brygphilomena@lemmy.world
          ↑ 1 · 4 months ago

          I have an AutoHotkey script that I always have running. It just takes my clipboard and sends the key presses to type it in when I press Ctrl + Shift + V.

          It gets me around most of this sort of bullshit.

        • maccentric@sh.itjust.works
          English · ↑ 1 · edited · 4 months ago

          I just found it recently when DFWP failed to allow me to paste on a site (which happens quite often in my experience). I had the same thoughts about this setting but so far I haven’t noticed anything. I keep it open in a tab in case I need to toggle it though.
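
Added example, not part of the thread and not the extension's or Firefox's own code: a model of the trade-off discussed above, where an early `paste` listener that stops propagation defeats a site's paste blocker but, applied globally, also silences a six-box OTP widget that relies on the paste event. The host names, the allowlist and the `clipboardText` property are constructed for illustration; the standard `EventTarget`/`Event` API stands in for a real page.

```javascript
// Hosts where paste handlers should be neutralised (hypothetical allowlist).
const PROBLEM_HOSTS = new Set(['bank.example']);

// Shield: registered before the page's scripts, it stops later 'paste'
// listeners from running, so none of them can call preventDefault().
// hosts === null models a global switch, like turning the pref off everywhere.
function installPasteShield(target, host, hosts = PROBLEM_HOSTS) {
  if (hosts !== null && !hosts.has(host)) return false;
  target.addEventListener('paste', (e) => e.stopImmediatePropagation(), { capture: true });
  return true;
}

// What a paste-blocking site does: cancel the browser's default insert.
function sitePasteBlocker(target) {
  target.addEventListener('paste', (e) => e.preventDefault());
}

// What a six-box OTP widget does: take the pasted text and spread the digits.
function otpWidget(target, boxes) {
  target.addEventListener('paste', (e) => {
    e.preventDefault(); // the widget fills the boxes itself
    [...e.clipboardText].slice(0, boxes.length).forEach((d, i) => { boxes[i] = d; });
  });
}

// Simulate one paste. Returns whether the default insert would still happen
// and what ended up in the OTP boxes (empty if the widget never ran).
function simulate({ host, page, shieldHosts }) {
  const target = new EventTarget();
  const boxes = Array(6).fill('');
  installPasteShield(target, host, shieldHosts);
  if (page === 'blocker') sitePasteBlocker(target);
  if (page === 'otp') otpWidget(target, boxes);
  const e = new Event('paste', { cancelable: true });
  e.clipboardText = '123456'; // constructed stand-in for clipboardData.getData('text')
  target.dispatchEvent(e);
  return { defaultInserted: !e.defaultPrevented, otp: boxes.join('') };
}

// Constructed scenarios: blocker with and without the shield, OTP widget
// under a global shield versus the per-site allowlist.
const scenarios = [
  { host: 'bank.example', page: 'blocker' },
  { host: 'other.example', page: 'blocker' },
  { host: 'login.example', page: 'otp', shieldHosts: null },
  { host: 'login.example', page: 'otp' },
];
for (const s of scenarios) console.log(s, simulate(s));
```

With the global shield the OTP handler never runs, so in a real browser the whole string would land in the first single-digit box; the per-site allowlist leaves that widget working.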

  • Alexstarfire@lemmy.world
    ↑ 18 · ↓ 5 · 4 months ago

    TBF, I kind of get it. If someone is using a public computer you wouldn’t want someone to be able to sign into a site they left open because they copied their password.

    However, this won’t prevent anyone from copying the password into something like notepad and just typing it out. So in the end, it’s useless and makes things less user friendly. Which is what I expect these days.

    • hikaru755@lemmy.world
      ↑ 14 · 4 months ago

      I suspect the reasoning for it was more along the lines of “if you’re pasting the password, that means you probably saved it in a text file on your desktop or something, and you shouldn’t do that so let’s stop you from doing it”. In reality, it probably didn’t work to make anyone store passwords more securely, and only made life unnecessarily harder for people with password managers.

  • Dagnet@lemmy.world
    ↑ 11 · 4 months ago

    Came here hoping someone would explain how to use dev tools to remove that block or if there is an addon for that; really hate this kind of restriction.

  • nucleative@lemmy.world
    English · ↑ 11 · 4 months ago

    My bank uses a TOTP and they not only block paste, they also block all typing. Instead they pop up a modal with a 0-9 digit keypad and the location of each number changes every time.

    Effing obnoxious.

    • Shapillon@lemmy.world
      ↑ 6 · ↓ 3 · edited · 4 months ago

      That’s a security standard preventing keyloggers from guessing your credentials.

      • cm0002@lemmy.world (OP)
        ↑ 7 · 4 months ago

        That’s a security standard theater pretending to prevent keyloggers from guessing your credentials.

        FTFY

      • nucleative@lemmy.world
        English · ↑ 4 · 4 months ago

        The TOTP changes every time. For modern TOTP hashing I’m not sure how many sequential codes a keylogger would need but I’m guessing more than I will ever enter.

        Edit: asked AI for an answer to that because I was curious (maybe it’s right):

        Start AI

        That being said, if an attacker were able to collect a large number of TOTP codes, they might be able to launch a brute-force attack to try to guess the private key. However, this would require an enormous amount of computational power and time.

        To give you an idea of the scale, let’s consider the following:

        Assume an attacker collects 1000 TOTP codes, each 6 digits long (a common length for TOTP codes).
        Assume the private key is 128 bits long (a common length for cryptographic keys).
        Assume the attacker uses a powerful computer that can perform 1 billion computations per second.
        

        Using a brute-force attack, the attacker would need to try approximately 2^128 (3.4 x 10^38) possible private keys to guess the correct one. Even with a powerful computer, this would take an enormous amount of time - on the order of billions of years.