Question

Who decided I can't paste the password when downloading from a financial institution.\?

Forum|Forum|6 years ago
March 12, 2020
7 replies
0 views

That's pretty much it. I have impossible-to-remember difficult-to-type passwords stored securely electronically. Since Turbo Tax won't let me paste a password, I have to enter all the information by hand.

TurboTax Home & Biz Windows

ReginaM

I am sorry, but the dis-allowance of being able cutting and pasting of passwords is security measure.

**Say "Thanks" by clicking the thumb icon in a post**Mark the post that answers your question by clicking on "Mark as Best Answer"

T

tax2019-iinnttuuiitt

I will claim that this restriction does NOT improve security. In fact, it will make it worse and will lead to

User temporarily change the password to a simpler/shorter string to type.
and will cause user endless frustration (imagining having to type blindly 64 random characters that just echoing '*****'. If user makes a mistake, how does s/he figure out which is the bad characters?)

The NIST Digital Identity guideline called this out

Verifiers SHOULD permit claimants to use “paste” functionality when entering a memorized
secret. This facilitates the use of password managers, which are widely used and in many cases
increase the likelihood that users will choose stronger memorized secrets.

I've put up with it for a few years now but I can't anymore. This year wealthfront requires an auto-generated app-only password that is 32 characters long and I just can't type all that without making mistakes.

I wrote a tool to work-around that, you can get more information here: https://github.com/hleofxquotes/entertext/wiki

M

mister_bill

I just came here to complain about the exact same thing, and it's also because of Wealthfront. I will check out your solution, thanks.

A

allanjohannesen

Not allowing pasting is not "security" in any way. I have the password in a vault on the pc, so I have control of it. Do you think the ruskies are going to steal it as I move the mouse across the screen?

Next, the password is 20 random characters. My wife read it to me as I typed it. We failed the first time by either her misreading the garbage string or my mistyping it. I refuse to feel guilty if I mistyped it and I don't blame her at all if it was her glitch. WE SHOULDN'T HAVE HAD TO DO THIS!

The same bozo appears to have thought that not showing the password was another security requirement. Since I couldn't see the **bleep** thing we just had to start the entire transcription effort all over again. So, it only took two times, but I AM PISSED OFF!

If you want to not show the password since you think your customers are so stupid as to do their taxes in a Starbucks, then put in a radio button to suppress the view.

That's two extremely stupid decisions in the same place!

M

mister_bill

Exactly. It's one poor decision made even worse by another poor decision. If you could at least see what you're typing, not being able to paste it in would be at least bearable.

G

greyghost302

This is beyond stupid as others have pointed out.

I will vote with my $, no more TT for me!

C

crc5

Agreed! This is total baloney. Passwords for banking are long and complex blocking a password manager from completing the password is terrible. Please turbo tax fix this HUGE inconvenience. It's the one thing that makes me want to switch programs each year.

S

SpecialEffects

Here it is 2024 and same problem. I note that I can log into this TurboTax page using cut-and-paste but the indescribably dumb developers don't let me do so in the tax app. Where it's really needed. Phooey.

M

Mark-D

I'm in agreement that the customer should be able to paste in data - for both passwords and for the document number that also gets entered into the second field for importing 1099 data - it make it much harder to enter the data when one cannot paste. And as other people have said, it leads one to make errors by being forced to type in a long password or document number - happened to me at least twice already. And then it causes one to bypass the download and then type in the 1099 data, which also increases the possibilities of tax return mistakes.

As a "customer-focused company" that "believes everyone should have the opportunity to prosper and we never stop working to find new innovative ways to make that possible" as Intuit you says they are, TurboTax used to make it so easy to give feedback on the product on each page of the software.

Now it seems next to impossible to provide feedback, and the fact this post has been going in since March 2020 (almost 4 years ago) seems to support weaknesses in being a "customer-focused company."

M

mister_bill

Make it five years. Still can't paste passwords this year. Absolutely mind-boggling. Textbook definition of "broken as designed".

J

jerfconard

Add my comments to those of many others. Someone might want to review NIST’s recommendations (which aren’t even that new), as tax2019-iinnttuuiitt suggested. Perhaps those responsible are unfamiliar with password managers. As has been noted, all this policy does is make the process less secure.

In addition to disallowing copy and paste, there is no way to show the password; with a long, hard-to-crack password, it’s easy to make a mistake. What on earth is the purpose of this? How many here livestream doing their taxes? And even if they did, would they be so foolish as to deliberately reveal the password?

Whoever thinks this is a good idea is arrogant and just plain stupid. Sorry ... I wish there were some way DOGE could go after these types of people.

J

jerfconard

At the risk of belaboring the point, I offer a few simple and obvious suggestions to address the issues raised here. I suspect I speak for most others who’ve commented here as well as thousands with the same thoughts who haven’t bothered to comment.

Allow copying and pasting of passwords. It’s one thing to manually enter a password if the password is “xyzzy”; it’s another if it’s a long string of random characters. And even if it’s a long pass phrase, recognize that most people have hundreds of online accounts, and remembering a different pass phrase for each account is nearly impossible. So for those who properly secure their accounts, there’s little practical alternative to using some sort of password manager and copy and paste.
If the document to be imported requires that there be no spaces in the password, remove them automatically; any decent high school coder could do this. Absent this, copying and pasting would require pasting into something like a text editor, removing the spaces, and copying and pasting that. This is simply nuts. As Kernighan and Plauger urged long ago, let the machine do the dirty work.
Allow making the password visible, preferably having one click keep the password visible for the duration of the entry. With a long password, an “enter and check” approach is little better than not allowing the password to be viewed at all. It probably makes sense to hide the password by default to protect those who bring their laptop to a crowded public library to do their taxes, but there’s little sense in hiding the password from more sensible folks who do their taxes in private.