Just as evil are the pages that don’t let you select text or pictures for copying.
this post was submitted on 07 Jan 2025
942 points (99.6% liked)
memes
18499 readers
1615 users here now
Community rules
1. Be civil
No trolling, bigotry or other insulting / annoying behaviour
2. No politics
This is non-politics community. For political memes please go to !politicalmemes@lemmy.world
3. No recent reposts
Check for reposts when posting a meme, you can only repost after 1 month
4. No bots
No bots without the express approval of the mods or the admins
5. No Spam/Ads/AI Slop
No advertisements or spam. This is an instance rule and the only way to live. We also consider AI slop to be spam in this community and is subject to removal.
A collection of some classic Lemmy memes for your enjoyment
Sister communities
- !tenforward@lemmy.world : Star Trek memes, chat and shitposts
- !lemmyshitpost@lemmy.world : Lemmy Shitposts, anything and everything goes.
- !linuxmemes@lemmy.world : Linux themed memes
- !comicstrips@lemmy.world : for those who love comic stories.
founded 2 years ago
MODERATORS
Or training videos that pause if the window playing the video is not the last thing clicked on.
load more comments
(1 replies)
load more comments
(1 replies)
I ran into this when trying to paste my generated password into the password field on some kind of financial site and I think it is still the most egregious case of security theater I’ve seen yet.
Anyway, you want the “don’t fuck with paste” extension, available on both chrome and firefox.
You don't need this - In about:config, set dom.event.clipboardevents.enabled to false. No Addon needed.
The comment hero!
load more comments
(3 replies)
load more comments
(1 replies)
Especially for things like account numbers. No, you're not increasing security, you idiots, you're increasing human error!
load more comments
(2 replies)
It isn't right you need an extension for it, but here we are. Don't F*** With Paste
On Firefox it is some setting under about:config, no need for an extension.
load more comments
(2 replies)
TBF, I kind of get it. If someone is using a public computer you wouldn't want someone to be able to sign into a site they left open because they copied their password.
However, this won't prevent anyone from copying the password into something like notepad and just typing it out. So in the end, it's useless and makes things less user friendly. Which is what I expect these days.
I suspect the reasoning for it was more along the lines of "if you're pasting the password, that means you probably saved it in a text file on your desktop or something, and you shouldn't do that so let's stop you from doing it". In reality, it probably didn't work to make anyone store passwords more securely, and only made life unnecessarily harder for people with password managers
- User pastes something into site
- data still pasted as normal
- JScript event clears clipboard and tells user that their clipboard was safely cleared.
Literally just as secure and better behavior. Just use your brain for a few seconds.
Edit: Actually it's MORE secure because disallowing paste leaves the password or whatever in the clipboard without the user necessarily realizing it...
load more comments
(2 replies)
Public computers should just have their pastebin locked.
They shouldn't mess with things on my personal computer.
No they shouldn't. They should require a guest account that clears the session on logout. If you fail to log out when you're finished, well, mistakes have consequences. I'm tired of being handcuffed so incompetent people can have their hands held.
My bank uses a TOTP and they not only block paste, they also block all typing. Instead they popup a modal with a 0-9 digit keypand and the location of each number changes every time.
Effing obnoxious.
That's a security standard preventing keyloggers from guessing your credentials.
That's ~~a~~ security ~~standard~~ theater pretending to prevent~~ing~~ keyloggers from guessing your credentials.
FTFY
The TOTP changes every time. For modern totp hashing I'm not sure how many sequential codes a keylogger would need but I'm guessing more than I will ever enter.
Edit, asked ai for an answer to that because I was curious (maybe it's right):
Start AI
That being said, if an attacker were able to collect a large number of TOTP codes, they might be able to launch a brute-force attack to try to guess the private key. However, this would require an enormous amount of computational power and time.
To give you an idea of the scale, let's consider the following:
Assume an attacker collects 1000 TOTP codes, each 6 digits long (a common length for TOTP codes).
Assume the private key is 128 bits long (a common length for cryptographic keys).
Assume the attacker uses a powerful computer that can perform 1 billion computations per second.
Using a brute-force attack, the attacker would need to try approximately 2^128 (3.4 x 10^38) possible private keys to guess the correct one. Even with a powerful computer, this would take an enormous amount of time - on the order of billions of years.
Bank developer played too much RuneScape?
Lmao I was just about to comment, their bank must have hired a UX designer from Jagex lol
Came here hoping someone would explain how to use dev tools to remove that block or if there an addon for that, really hate this kind of restriction
Firefox often let's you bypass this shit with holding shift + right click or select the text you want to paste and drag and drop it into the field.
In about:config, set dom.event.clipboardevents.enabled to false.
load more comments
(4 replies)
You can sometimes do it anyway by right clicking (or long hold tap) on the text field to get a contextual menu popup
They've started blocking that too on phones, which is what led to this meme lol. Curiously, GBoard has a little button on the top row that shows for freshly copied text when you go into a text field that still works, GBoard must not send the text as a paste when it's done that way. But its only visible once
load more comments
(2 replies)
My impression from when I've encountered this is that it is an attempt to repel bots.
Speculating/knowing about the reason doesn't help when I'm confronted with having to input the password *6mA*P7CCuVyHo8kh%x34!63wm23&uhzSMY3Xy3$*8^%7j$VeH^7
My impression from when I’ve encountered this is that it is an attempt to repel bots.
hmm bots don't use keyboard or mouse copy & paste so I don't see how that makes sense?
my impression is this is just stupid product managers who don't understand why it's a bad idea to force all your users to manually type out their passwords or email addresses just because of the 0.1% of people who would copy and paste one with an error in.
Bots don't paste. If it a selenium related bot it would inject the value or type out each keypress.
It only causes real users pain
Weird, that's one character off from my Paramount+ password. I know from typing it on every fucking STB and console that I own and painstakingly quadruple-checking each character when it fails.
You'd think I'd just change to a passphrase but nah. Ain't nobody got time for that. Too busy ranting about user unfriendly problems that shouldn't exist in modern STB apps.
load more comments
(1 replies)
I use "don't fuck with paste", a browser extension.
Nice one, so do I now!
load more comments
(1 replies)
Let's be real, though, it's not the dev we should be mad at but some suit who thinks they know security demanding it be done that way
Most of the problems in the modern world could be solved if the front line people could to each other directly.
Suits are the bottleneck.
no, thats another layer down. hell + ultra
Lol yea the comic artist needs to come up with a follow-up 4panel with extra-extra-hell lmao
On a similar note, by mobile lemmy client won't let me copy test. Can't even select it.
If you are using Voyager you can hold down on the comment or hit the three dot button and you'll get a menu that gives you a "select text" option. I was annoyed by that until I found it.
I eventually found it as well. I'm still a bit annoyed. It's not very convenient.
load more comments
(1 replies)
load more comments
(13 replies)
view more: next ›