Hacker News
by Steer 2838 days ago
The Swedish Bank ID also disallows copy/paste of passwords. When I contacted the company that builds the solution I got more or less the same response, "it is safer for normal users" which I didn't really understand. Highly annoying.
3 comments

I have heard the argument that regular users often believe that copying and pasting passwords makes them immune to keylogging, so allowing that will cause some of them to keep a copy of their password on a plaintext file on their desktop where otherwise they would just type from memory.

Not sure if that's what banks are thinking about.

Probably a dumb question, but doesn't copying & pasting protect against keylogging? The only key events being sent are CTRL+C and CTRL+V (or the mouse equivalent), and not the password keys themselves.

Obviously this is an extremely bad way to "protect" yourself (since you keep your password in plaintext on your PC), but it does protect against keylogging, right?

Maybe keylogging in the strictly literal sense, but I think most software "keyloggers" log the clipboard too. I suppose it would protect you from a physical keylogger.
To clarify, it is not a maybe, keyloggers definitely monitor the clipboard. It's one of the most basic features of a key logger.

Another basic feature is logging the active window/process to know where the user is currently writing to.

Correct, it does foil key logging. However, in general installing a key logger is harder to pull off than just copying all files from the machine in question. Of course it depends on which known unpatched security hole exists on the system at the time. However, in general a program is more likely to be able to read arbitrary files.

This is a deterrent for storing a plain text password in a file on your desktop. Frankly, if you are already keylogged your plain text passwords are already stolen.

It's not. What it does do is make your average user feel safer because they're told this is for their safety and not equipped to evaluate the claim.