Why sign in to the Community?

  • Submit a question
  • Check your notifications
Sign in to the Community or Sign in to TurboTax and start working on your taxes
Level 1
posted Mar 12, 2020 9:39:27 AM

Who decided I can't paste the password when downloading from a financial institution.\?

That's pretty much it.  I have impossible-to-remember difficult-to-type passwords stored securely electronically. Since Turbo Tax won't let me paste a password, I have to enter all the information by hand.

8 27 3851
24 Replies
Expert Alumni
Mar 12, 2020 10:06:07 AM

I am sorry, but the dis-allowance of being able cutting and pasting of passwords is security measure.  

Level 2
Jan 30, 2021 3:09:15 PM

I will claim that this restriction does NOT improve security. In fact, it will make it worse and will lead to

  • User temporarily change the password to a simpler/shorter string to type.
  • and will cause user endless frustration (imagining having to type blindly 64 random characters that just echoing '*****'. If user makes a mistake, how does s/he figure out which is the bad characters?)

The NIST Digital Identity guideline called this out

Verifiers SHOULD permit claimants to use “paste” functionality when entering a memorized
secret. This facilitates the use of password managers, which are widely used and in many cases
increase the likelihood that users will choose stronger memorized secrets.
I've put up with it for a few years now but I can't anymore. This year wealthfront requires an auto-generated app-only password that is 32 characters long and I just can't type all that without making mistakes.
 
I wrote a tool to work-around that, you can get more information here: https://github.com/hleofxquotes/entertext/wiki 
 

Level 4
Feb 4, 2021 9:53:07 AM

I just came here to complain about the exact same thing, and it's also because of Wealthfront. I will check out your solution, thanks.

New Member
Feb 15, 2021 7:56:11 PM

Not allowing pasting of a password is just plain stupid and removes the utility of import of data. This worked fine last year.

 

Sarcasm ON: "Yes, Of Course I like manually typing my 16+ digit password consisting of a random jumble of caps, normal letters, numbers and symbols." And I don't feel like turning off the sarcasm. This is just plain stupid.

 

And BAD for security.

Level 4
Feb 15, 2021 9:39:09 PM

I don't think it did work previously, given tax2019-iinnttuuiitt's comment. In any event, their solution worked great for me. I highly recommend checking it out!

Level 3
Feb 16, 2021 11:41:23 AM

The import worked fine last year, before Wealthfront went to the app-specific password.      Unfortunately, I am not all that tech savvy and I am extremely reluctant to download a solution that I know nothing about,  especially when I am using to access my tax software.  

Level 1
Mar 1, 2021 12:18:39 PM

I'm sorry but this is so wrong as expressed by all the other folks posting. We are forever told by the security experts to make our passwords long and unrecognizable so everyone uses password managers to do this. So to now have to manually enter a long unrecognizable password without an error is extremely unworkable. Please rethink what you are doing here.

Level 2
Mar 6, 2021 12:18:08 PM

Not allowing pasting is not "security" in any way. I have the password in a vault on the pc, so I have control of it. Do you think the ruskies are going to steal it as I move the mouse across the screen?

 

Next, the password is 20 random characters. My wife read it to me as I typed it. We failed the first time by either her misreading the garbage string or my mistyping it. I refuse to feel guilty if I mistyped it and I don't blame her at all if it was her glitch. WE SHOULDN'T HAVE HAD TO DO THIS!

 

The same bozo appears to have thought that not showing the password was another security requirement. Since I couldn't see the **bleep** thing we just had to start the entire transcription effort all over again. So, it only took two times, but I AM PISSED OFF!

 

If you want to not show the password since you think your customers are so stupid as to do their taxes in a Starbucks, then put in a radio button to suppress the view.

 

That's two extremely stupid decisions in the same place!

Level 4
Mar 6, 2021 4:13:54 PM

Exactly. It's one poor decision made even worse by another poor decision. If you could at least see what you're typing, not being able to paste it in would be at least bearable. 

Level 2
Mar 28, 2021 8:47:57 AM

add me to the list who are disgusted by this implementation.   You either allow cut and paste OR allow us to see what we've entered.    I picked a very secure password for my brokerage account...  25 characters for security reasons.  Now I've entered it 3 times with no success so you've forced me to go to my account change the password to the barest minimum requirements and I still have not way of verifying if i entered it correctly.    THIS SUCKS

Level 2
Mar 28, 2021 9:00:41 AM

oh and after you get the message that the user name or password is incorrect it directs you to "verify it".  how the @#$@#$@ can you do that when you can't SEE what you entered?

Level 2
Mar 28, 2021 9:06:18 AM

Thank you for the workaround "entertext".    I was able to use it and it will save me a lot of work.   No thanks to Intuit however.   

Level 2
Mar 28, 2021 9:08:07 AM

With respect, installing a tool from a public form -- a tool specifically designed to cut and paste passwords -- sounds like a bad idea.  

Level 4
Mar 28, 2021 9:12:49 AM

Well, in the case of Wealthfront (which is what the tool was originally posted as the workaround for), the generated password that you need to paste is only valid for TurboTax, and can immediately be revoked, so there's basically zero exposure.

 

Using it for a brokerage login, you could have a valid point, but that would assume that the app is also able to access your login userid, which it's not clear that it can.

 

Also, the source code is available.

Level 2
Mar 31, 2021 3:17:32 PM

This is beyond stupid as others have pointed out.

 

I will vote with my $, no more TT for me!

Returning Member
Mar 12, 2022 9:03:28 PM

As many have indicated this is one of the STUPIDEST thing to do.

By preventing users to paste password from password managers, you are making everything LESS SAFE. Claiming this is for security is totally moronic! The only thing it does is pushing your paid customers over the edge and buy an alternative to Turbo Tax. The user experience and "so-called guidance" has never been great, but was borderline tolerable. Forcing your users to type complex long password (as they should be, unless you are still using your spouse name and dob as password? lol), and obvioulsy fail a few times, or enter everything by hand. Pathetic software.

Level 1
Feb 19, 2023 11:47:42 AM

"It's a security measure"

By making it less secure - not helpful.  Who decided this?  Needs to go back to kindergarten.

Not being able to paste a password makes it less secure!

Please update the program to correct this misguided mistake.

Level 1
Mar 4, 2023 11:52:58 AM

I disagree that this is a security measure.  This is an anti-security measure.  Password managers (wallets) are useful security tools because they help us use very complex and secure passwords.  Disallowing "paste" means that we need to have a copy of the password in clear text in clear view, which is hardly a security measure. 

Level 1
Mar 4, 2023 4:25:02 PM

go to this website. you can create a pasting script to bypass their restriction...

 

https://www.autohotkey.com/

Level 2
Mar 6, 2023 10:29:49 AM

I can't believe this is still getting replies 3 years after my report. Apparently, the programmer is not only dumber than a bag of hammers, but he is stubborn, too.

 

This year, I find that I can import from Fidelity Investments without dealing with the broken TurboTax authenticator. TurboTax has some sort of back-door connection they establish to Fidelity where Fidelity handles the authentication and TurboTax can import the stuff that way.

 

The problem here is that the back-door connection remains live for some indeterminate time, and I cannot break out of that. I will have to wait some long time, try the connection, and hope to get the authentication pop-up from Fidelity again. That way we could use my wife's authentication to get to her accounts.

Level 1
Feb 5, 2024 9:21:15 AM

Agreed! This is total baloney. Passwords for banking are long and complex blocking a password manager from completing the password is terrible. Please turbo tax fix this HUGE inconvenience. It's the one thing that makes me want to switch programs each year.

Level 2
Feb 6, 2024 3:37:23 PM

Here it is 2024 and same problem. I note that I can log into this TurboTax page using cut-and-paste but the indescribably dumb developers don't let me do so in the tax app. Where it's really needed. Phooey.

Level 2
Feb 22, 2024 5:41:20 PM

I'm in agreement that the customer should be able to paste in data - for both passwords and for the document number  that also gets entered into the second field for importing 1099 data - it make it much harder to enter the data when one cannot paste. And as other people have said, it leads one to make errors by  being forced to type in a long password or document number - happened to me at least twice already. And then it causes one to bypass the download and then type in the 1099 data, which also increases the possibilities of tax return mistakes.

 

As a "customer-focused company" that "believes everyone should have the opportunity to prosper and we never stop working to find new innovative ways to make that possible" as Intuit you says they are, TurboTax used to make it so easy to give feedback on the product on each page of the software.

 

Now it seems next to impossible to provide feedback, and the fact this post has been going in since March 2020 (almost 4 years ago) seems to support weaknesses in being a "customer-focused company." 

Level 4
Feb 15, 2025 7:51:45 PM

Make it five years. Still can't paste passwords this year. Absolutely mind-boggling. Textbook definition of "broken as designed".