So annoying when web sites disable copy/paste for password

January 19, 2021, 7:07 pm
So annoying when web sites disable copy/paste for password
So annoying when web sites disable copy/paste for password fields. What the hell?

Official Content-Security-Policy header in a near past used to break LastPass browser extension from doing things with the website like maybe injecting styles and whatever...

As a User I want the copy paste function to be disabled for password fields So That I will enjoy the look of the login form for longer and better remember my password manager generated passwords cc There is a special curse for developers that stop you from pasting in a password. Also for those that clear the fields when you switch apps in android.

The clipboard buffer is not secure. Nowadays, clipboards persist multiple passwords long after it is used and other apps read them Website: your password must be 15 characters long, contain letters, numbers & special characters. Oh, and you cant have a letters or numbers side by side. Also, it cannot be remotely recognizable as a word. Also Website: password masked Also Website: No paste for you!

Its almost as if theyre trying to ensure you are susceptible to keyloggers.

It`s an anti pattern. And keeps me away from using randomly generated passwords for such sites. What I`ve found most amusing is that sites that require higher levels of security (banks, payments etc.) seem to be the ones that have this restriction in place.

I think password manager browser extensions need to just disable this

I`d bet that jQuery is there only for that purpose. How cool is that? :D

They think they`re so smart.

Thank God on android i can switch to keypass keyboard and that is just "a key press" they can`t get around to, a big middle finger in their face

I`m missing the point, but they could have also just added a CSS class like .js-nocopy and they could save up on registering only one handler refucktoring

I use hammerspoon to get around this on OSX. It takes the clipboard and plays it out one key at a time.

Even the code style screams "ugh.". E.g. no space between // and comment. Typo. And why not loop over element selectors to apply the blocking for to have the paste disable dance done only once

This is terribly hostile, anti-user behavior and it should be stopped. But also, would a for-loop over the various form field IDs have been so hard for them to write? *shakes in anguish*

The amazing thing is? The developer who had to code that spelt copy as copu in the comment, so the actual code itself is probably mostly copy and paste

Seriously...even crazier when it`s developer centric sites trying to gatekeep information... Like they think we can`t work around it with DevTools?!?! You are literally sending us the bits!!!! Soon websites will be one big image When possible I refuse to use such annoying UI

Also annoying when entering bank account/routing numbers. How could I possibly get it right by COPYING FROM MY BANK. Clearly my fat freaking fingers are more accurate.

It`s a hangover from phone banking. They keep a plaintext but only show part of it to the phone banking agent, the theory being that they won`t be able to pose as you during another call.

Perhaps they precompute the hashes of the combinations they know they`ll ask for when the password is initially set. This said, I`m not defending this terrible UX and am admittedly being hopeful about the technical reasons they`re able to do this.

You could drag and drop that value from the address bar into the field. Didn`t work?

There are browser plugins that disable this

UK banks are particularly bad for that.

There is a speciale place in hell gor these people... I changed my main banking service because of this!

Perhaps even worse are those sites that ask for only a few (eg 3rd, 10th and 19th) characters of your password. Makes me fume.

I agree, it`s absolutely ridiculous.

I definitely always assumed it was to weed out mistakes. The funny thing is when I can copy and paste from my password manager I never make a mistake. When I enter manually Im way more likely to get it wrong. Especially on a phone.

Ive wondered why this exists. Is it leftover archaic security from a time when most users remembered all their passwords?

Have you tried StopTheMadness? Its even worse when apps do it!

On the plus side, these are usually easy to spot and remove using Chrome`s inspect tool. I imagine there may be extensions available that can prevent paste event handlers from taking effect. I agree that sites should stop doing this, though. It encourages bad security.

Drives me nuts. Especially when I have to paste from my rsa token.

I detest that one. Why would you?

So annoying. Obviously not dogfooding.

Sponsored links