I saw some content today about savings bonds having a great interest rate. So I tried to sign up. I didn’t know I was going to waste an hour to simply create an account. This has to be the worst website I’ve ever seen.
Somewhere in the middle of the process, after entering a fantastic password generated by my password manager, to log back into the site, I was presented with this virtual keyboard. You are forced to enter your password using the virtual keyboard by clicking on the keys. Entering 40 random characters by clicking on the image is SUPER TEDIOUS.
Not to mention, it took me about 10 attempts to enter the password correctly. I didn’t notice it until getting extremely frustrated, but clicking a button on the virtual keyboard will sometimes double-click the character.
After getting into the site, any attempt to navigate using the browsers forward/back buttons will immediately log you out. As will an accidental double-click on any of the navigation.
It’s a good thing they have a monopoly on savings bonds, because nobody would try to use this and stay sane!
4 thoughts on “Silly Security: TreasuryDirect.gov is the worst website ever”
That sounds exactly like my experience but I have a different layer. I accidentally left a digit off of my bank number and you can’t edit it from the site! You need to fill out a long form, have it notorized, and mail it in. And, the form is confusing. Just to correct a digit!!!
Sounds about right.
Right Click->Inspect the password field, and delete the readonly=”readonly” bit from the input field. Then, you can copy/paste your password from your password manager.
It’s a terrible login form, and I ran into the exact same issue as you.
Good trick. I’ll try this next time