Photo of Terence Eden. He has a beard and is smiling.

I can't use my number pad for 2FA codes

· 10 comments · 400 words · Viewed ~5,137 times.

This has to be the most infuriating bug report I've ever submitted.

I went to type in my 2FA code on a website - but no numbers appeared on screen. Obviously, I was an idiot and had forgotten to press the NumLock button. D'oh! I toggled it on and typed again. No numbers appeared. I switched to another tab, my numbers appeared when I typed them. So I was reasonably confident that my keyboard was working.

I swapped back to the 2FA entry and tried again. Still nothing. Then I tried typing the numbers using the number row on my keyboard. My 2FA code appeared.

WHAT IN THE SAINTED NAME OF ALPHONSE CHAPANIS IS GOING ON?!?!?

Developers often use JavaScript to "improve" the standard features of HTML. For example, using <input type="number"> has some accessibility concerns and using inputmode="numeric" is great for showing a number key board on mobile, but not much else.

So a developer wants a reliable way to make sure a user can only type numbers. Fair enough.

There are two ways to do this - a right way and a wrong way - using KeyboardEvent.

One way is to listen for the character being sent from the keyboard - known as the key.

The other is to listen for the button being pressed on the keyboard - known as the code.

A good demo of this is at keyjs.dev - play around with it to see what keyboard buttons your browser can detect.

When I press 7 on the top row of my keyboard, the key is 7 and the code is Digit7.

But when I press 7 on my number pad, the key is 7 but the code is Numpad7.

The JavaScript on the website was rejecting any key code which wasn't a "Digit"!

Perhaps I am a weirdo for insisting on both having and using my numpad? Perhaps developers need to test on something other than MacBooks? Perhaps JavaScript was a mistake and the Web would be better without it?

Either way, don't be like that website. Let users type in using whatever keys they like.

Share this post on…

10 thoughts on “I can't use my number pad for 2FA codes”

  7. said on circumstances.run:

    @ Edent the bright javascript developers who decided to override system input mechanisms are fucking anathema.

    (in many payment interfaces i cannot use compose key to type my proper name because some fucking genius decided that they will accept only raw keystrokes. ah, and of course no paste. because why would i want to paste my credit card number from my secret vault, when i can fucking type it.)

    Reply | Reply to original comment on circumstances.run

What are your reckons?

All comments are moderated and may not be published immediately. Your email address will not be published.

See allowed HTML elements: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <p> <pre> <br> <img src="" alt="" title="" srcset="">