Password Managers & The Modern Web
I read with great interest this Wired Magazine article regarding several well-known companies' web sites actually blocking the use of password manager programs:
This week a customer called out T-Mobile for blocking their password manager. WIRED confirmed on Thursday that it was not possible to paste text into the create password field on the T-Mobile site. T-Mobile got in touch on Sunday to say the problem had now been patched.1
Jai Ferguson, a spokesman for T-Mobile, told WIRED earlier in the week that the company was “aware of the copy/paste issues and are actively working on a fix.” He added that the problem “certainly isn’t by design,” despite the HTML code used on the web-page explicitly prohibiting users from pasting into the password field.
Another customer complained that the German site for Barclaycard prevented pasting. Again, WIRED checked that this was the case. WIRED also confirmed that it was not possible to paste passwords in the registration section of the Western Union website.
The article goes on to point out the dangerous assumption that preventing a compromised user's clipboard from being accessed is a panacea, since the user's keystrokes may prove to be just as susceptible to hacking.
Of course Password Managers themselves can have their own issues, as evidenced by the recent LastPass hack.
The initial Wired article concludes by suggesting that organization's should actively encourage and promote the use of password managers. What's your take? When it comes to consumer security, are password managers part of the solution or the problem?