Somewhere in the middle of the process, after entering a fantastic password generated by my password manager, to log back into the site, I was presented with this virtual keyboard. You are forced to enter your password using the virtual keyboard by clicking on the keys. Entering 40 random characters by clicking on the image is SUPER TEDIOUS.

Not to mention, it took me about 10 attempts to enter the password correctly. I didn’t notice it until getting extremely frustrated, but clicking a button on the virtual keyboard will sometimes double-click the character.

After getting into the site, any attempt to navigate using the browsers forward/back buttons will immediately log you out. As will an accidental double-click on any of the navigation.

It’s a good thing they have a monopoly on savings bonds, because nobody would try to use this and stay sane!

The post Silly Security: TreasuryDirect.gov is the worst website ever appeared first on Brandon Checketts.

The first screen shows the card you are replacing, and includes the last four digits of the card.

 
Then the following screen asks for the last four digits of the card number “In order to verify possession”.

You probably shouldn’t tell me the last four digits before asking me to confirm that I have the card.

The post Silly Security: Don’t Show Me The Secret, Then Confirm I Have It! appeared first on Brandon Checketts.