@TerukoL @Anonymous I thought I was very clear and @jbowler confirmed that I was clear. I want someone from turbotax to address the subject of this thread. The subject of this thread is not Form 1116. The topic is Why can't I copy/paste passwords into the import brokerage logon screen? I am very glad that jbowler posted something off topic because it proved to me that TT employees have seen this thread and are deliberately ignoring us. I have used TT for decades and because of the unwillingness to even acknowledge this issue let alone fix it I am going to cancel my auto-renewal and I'm going to use another solution next year. For a long time TT was about the only real tax software worth buying but you have a lot of competition now and if you don't start treating your customers with more respect you will not be around much longer!

Yea wtf is going here, TurboTax.  This isn’t a hard fix. Someone just needs to change the text field to be a password field that allows copy and paste. An intern can fix this. 

They are reading this and ignoring the issue. A bunch of clowns that lobby against the government to make us buy their software and they can’t even make it easy for us. 

@aboutreadytoleave TurboTax values providing quick and convenient service that is easy-to-use.  However, the security of customers' information is an even higher priority.  Some functions that were once available to provide ease and convenience have become greater security risks, and what you mention with not being able to copy and paste passwords, whether as a company decision or at the request of the companies TurboTax partners with to provide tax preparation solutions, could well be an example of just such a security measure.  Rest assured that if a convenience is no longer available, the decision has been made to make that change to protect what is most important:  personal and private data.

Preventing a copy from a password field is indeed a very commonly implemented security measure.  There is, however, absolutely no protection whatever obtained by preventing copy into a password field.
I think perhaps coders of TT mistakenly added prevention of both copy and paste in that field when it should have been copy only. Someone at Intuit should examine this and correct the error.

These are auto-generated responses.  The system (the computer) is posting pre-generated responses based on keyword searching.

Many years ago (like more than 40) I laboriously typed a Basic program into my computer called "Eliza".  It was a couple of hundred lines long; I could type it because I could see the characters as I typed them 😉  It gave similar responses.  It passed the Turing Test for intelligence.

They might be attempting to prevent automated attacks, but there are many other ways to prevent those, for example, exponential back-off and disable after many attempts.

The banks and brokerage firms own websites allow use of password managers and pasted passwords. Why should TT be more restrictive?

If they claim it's for security purposes, it's fake security.

Clearly the low level CS people are not empowered to respond to customers concerns about this.

Meanwhile, there's the autohorkey workaround.

Yes true and there is already a captcha per form response. 

the inability to paste a password into the field does not help anyone but piss people off. 

@DanielV01 - please escalate the issue instead of some bs answer saying TT is trying to “protect users”. That’s simply not true. 

@DanielV01 that is an absurd answer. To protect my data I use an extremely long and difficult password for my brokerage account. To type it in manually is very difficult. When I log into my brokerage account itself I am able to copy/paste or use my password manager. There is no way my brokerage told TT to put this in place. If you read through this entire thread you will see several people posted on how the government is even recommending using extremely hard password which require a password manager. Forcing us to type in the password actually makes it less secure. I would like to see some evidence that brokerages or government agencies have told TT that they need to do this. I'm positive you cannot provide that evidence!

Apparently they aren't empowered to respond ... and Intuit thinks they know better than their customers.

use the autohotkey workaround and remember to disable it when not using it.

-David

And as someone else also pointed out, NIST (US Gov National Institute of Standards and Time) explicitly allows this behavior.

Furthermore, another workaround is using the Mac version of the software, which doesn't have this inane restriction. I'm glad Credit Karma is improving its tax product so I and others, who are disappointed with inaccuracies and sub-standard support, will have other options.

Ref:

https://pages.nist.gov/800-63-FAQ/

https://www.thesslstore.com/blog/nist-password-pasting/

Credit Karma is owned by Intuit!

<facepalm>

From your own link, emphasis added:

In SP 800-63B, NIST has not explicitly recommended the use of password managers, but recommends that verifiers permit the use of “paste” functionality so that the subscriber can use a password manager if desired.

So NIST is saying that not permitting the use of "paste" is to disallow the use of a password manager.  As other contributors to this thread have pointed out multiple times.

Your message is ambiguous; it's not clear which behavior you refer to.  I hope this clarifies it.

>Some functions that were once available to provide ease and convenience have become greater security risks

@DanielV01 , please cite a specific example how preventing paste will reduce "security risks"

If the answer is "to prevent clipboard stealing", then the preventive measure is 'too late', the user is already has such text in the clipboard.

If the answer is "to prevent automate attack", then the two work-around "autohotkey" and "entertext" (https://github.com/hleofxquotes/entertext/wiki) show that such preventive measure is meaningless.

On the other hand, if the desire is to make your user's experience miserable  and not able to use a feature that users have paid  for, then congratulation! You've succeed.