@eventualbuddha
Created January 25, 2020 16:59
TreasuryDirect Login Virtual Keyboard complaint
The virtual keyboard at login is a terrible idea. The only stated reason for it I can find on the website is: "The advantage of using the virtual keyboard is that others are deterred from learning your password." No information is given to back up this claim. I think it's actually far _more_ likely someone will learn your password by watching you use an on-screen keyboard than by watching you type on a real keyboard.
The main reason I dislike it is that I use the 1Password password manager to generate strong passwords and auto-fill them when I visit websites. Someone watching me use 1Password to fill in my login info on a website would have no chance of learning my password as I never type it, virtually or otherwise. Instead, you force me to laboriously "type" a password using my mouse. Presented with such a system, I strongly believe most people will simply pick a password that is a) easy to remember/guess and b) easy to "type" with a virtual keyboard.
This doesn't even begin to address accessibility. I cannot imagine someone with impaired motor ability finding this password entry method anything but a nightmare. I tried getting through the login process using VoiceOver on macOS in Safari and found it to be awful. Your Account ID field has no ARIA metadata, so no label is read and it just reads "edit text field". The keys of the virtual keyboard are at least read as e.g. "W, button", but selecting one returns focus to the password field and loses my focus place on the virtual keyboard, so I have to navigate through it again for every single character. It's a nightmare.
Please consider changing this to simply be a normal password field. While whoever came up with this might have thought it a clever solution to their narrow pet problem, the system they've introduced ignores far greater problems, is insecure, and is worse at accessibility for everyone with or without motor impairment.