1. 9

Summary: sites are using a custom font which is just little circles for each character, so when you type your password, it looks like you’re typing into a password field. This bypasses browser warnings.

  1.  

  2. 3

    Hadn’t thought of this before. Sort of clever, but bloody idiotic at the same time.

    1. 1

      Even better, the “password” will be stored by regular autocomplete!

      Of course, it’d be much more of a pain to think of an implement this hack instead of, you know, applying TLS. I don’t think you’d be judged for using even Let’s Encrypt if your budget simply doesn’t allow for certificates.

      1. 2

        Is there something about LE that makes it “less than” which a business would be judged?