Rather than fancy zero-day exploits, or cutting-edge malware, what you mostly need to worry about when it comes to security is using strong, unique passwords on all the sites and services you visit.
You know that. But what’s crazy is that, in 2015, some websites are intentionally disabling a feature that would allow you to use stronger passwords more easily—and many are doing so because they wrongly argue it makes you safer.
Here’s the problem: Some sites won’t let you paste passwords into login screens, forcing you, instead, to type the passwords out. This makes it impossible to use certain kinds of password managers that are one of the best lines of defense for keeping accounts locked down.
Typically, a password manager will generate a long, complex, and—most importantly—unique password, and then store it in an encrypted fashion on either your computer or a remote service. All you have to do is remember one password to enter all of your others. In essence, the task of remembering dozens of passwords is relegated to the manager, meaning that you don’t have to deploy that same, easy to remember password on multiple sites.
Companies constantly interrupt password managers, as they falsely believe they’re improving the situation by forcing people to actually type passwords in. CEO of LastPass Joe Seigrist
This week a customer called out T-Mobile for blocking their password manager. WIRED confirmed on Thursday that it was not possible to paste text into the create password field on the T-Mobile site. T-Mobile got in touch on Sunday to say the problem had now been patched.1
Jai Ferguson, a spokesman for T-Mobile, told WIRED earlier in the week that the company was “aware of the copy/paste issues and are actively working on a fix.” He added that the problem “certainly isn’t by design,” despite the HTML code used on the web-page explicitly prohibiting users from pasting into the password field.
Another customer complained that the German site for Barclaycard prevented pasting. Again, WIRED checked that this was the case. WIRED also confirmed that it was not possible to paste passwords in the registration section of the Western Union website.