That's pretty much it. I have impossible-to-remember difficult-to-type passwords stored securely electronically. Since Turbo Tax won't let me paste a password, I have to enter all the information by hand.
I am sorry, but the dis-allowance of being able cutting and pasting of passwords is security measure.
**Mark the post that answers your question by clicking on "Mark as Best Answer"
I will claim that this restriction does NOT improve security. In fact, it will make it worse and will lead to
- User temporarily change the password to a simpler/shorter string to type.
- and will cause user endless frustration (imagining having to type blindly 64 random characters that just echoing '*****'. If user makes a mistake, how does s/he figure out which is the bad characters?)
The NIST Digital Identity guideline called this out
Verifiers SHOULD permit claimants to use “paste” functionality when entering a memorized secret. This facilitates the use of password managers, which are widely used and in many cases increase the likelihood that users will choose stronger memorized secrets.
Not allowing pasting of a password is just plain stupid and removes the utility of import of data. This worked fine last year.
Sarcasm ON: "Yes, Of Course I like manually typing my 16+ digit password consisting of a random jumble of caps, normal letters, numbers and symbols." And I don't feel like turning off the sarcasm. This is just plain stupid.
And BAD for security.
The import worked fine last year, before Wealthfront went to the app-specific password. Unfortunately, I am not all that tech savvy and I am extremely reluctant to download a solution that I know nothing about, especially when I am using to access my tax software.
I'm sorry but this is so wrong as expressed by all the other folks posting. We are forever told by the security experts to make our passwords long and unrecognizable so everyone uses password managers to do this. So to now have to manually enter a long unrecognizable password without an error is extremely unworkable. Please rethink what you are doing here.
Not allowing pasting is not "security" in any way. I have the password in a vault on the pc, so I have control of it. Do you think the ruskies are going to steal it as I move the mouse across the screen?
Next, the password is 20 random characters. My wife read it to me as I typed it. We failed the first time by either her misreading the garbage string or my mistyping it. I refuse to feel guilty if I mistyped it and I don't blame her at all if it was her glitch. WE SHOULDN'T HAVE HAD TO DO THIS!
The same bozo appears to have thought that not showing the password was another security requirement. Since I couldn't see the **bleep** thing we just had to start the entire transcription effort all over again. So, it only took two times, but I AM PISSED OFF!
If you want to not show the password since you think your customers are so stupid as to do their taxes in a Starbucks, then put in a radio button to suppress the view.
That's two extremely stupid decisions in the same place!
add me to the list who are disgusted by this implementation. You either allow cut and paste OR allow us to see what we've entered. I picked a very secure password for my brokerage account... 25 characters for security reasons. Now I've entered it 3 times with no success so you've forced me to go to my account change the password to the barest minimum requirements and I still have not way of verifying if i entered it correctly. THIS SUCKS
Well, in the case of Wealthfront (which is what the tool was originally posted as the workaround for), the generated password that you need to paste is only valid for TurboTax, and can immediately be revoked, so there's basically zero exposure.
Using it for a brokerage login, you could have a valid point, but that would assume that the app is also able to access your login userid, which it's not clear that it can.
Also, the source code is available.