@jensimmons
The only time it has saved me is when a site asked for my password twice. I usually copy and paste it from the first. But this time I'd made a typo. Retyping it helped me validate I'd got it right.

But that's about the only time it has ever been useful for me.

@jensimmons please please save us from this nightmare.

@jensimmons This hit me last week, turning a simple password entry task into spending about 10 minutes typing and re-typing a very complex password. I would LOVE to see the ability to block paste disabled at the platform level.

@jensimmons I've seen it a few times as a user (Not recently, but 5 - 10 years ago) on high value sites (I.e., banking).

I've never actually heard from anyone who implements this, why they do so. I assume it's a misguided notion of protecting the end user.

Absolutely not a fan.

@jensimmons My old school's SSO page blocked pasting in password fields, which is a big reason why I started using 1Password since it mimics typing. It didn't make anyone more secure, it just punished strong passwords.

I am now out of school but I will die holding this grudge for making me type a 20 character random string every time I wanted to check my email.

@jensimmons
One of the most annoying restrictions. Closely followed by incorrectly set fields so that Safari does not offer autofill.

@jensimmons Please help make this go away. The blocking of pasting in a password field drives me nuts.

@jensimmons I've seen people do this on confirmation fields. E.g., enter your account number a second time to make sure you didn't mistype it the first time. They want to prevent paste to prevent anyone from propagating a typo in the first field.

I suspect that, in reality, a user that's sophisticated enough to copy-and-paste is sophisticated enough to be pasting the value from the source of truth anyway.

@jensimmons it’s almost always the username and/or password field on login screens, and the whole argument that it’s for better security is bosh. It prevents users from effectively using password managers.

@jensimmons As a user, I find this UX incredibly hostile. As someone who uses a password management tool, I create & maintain my passwords elsewhere and when I need to manually type a random 20+ character password rather than pasting it in, it's incredibly frustrating, especially on mobile where special symbols are harder to find. And of course the fields are masked as well, so double frustrating.

@jensimmons the only case I’ve found that I don’t hate is a delete confirmation where you type something to prove you’re paying attention, and only then when it’s something short like “DELETE”

@jensimmons As a user, I would LOVE to see that "feature" go away.

@jensimmons the only use I can think of is something entered twice to ensure accuracy. Without paste-blocking, people will copy from the first girls (possibly with typos) into the second field, and the typo will be considered a match.

Entering the information manually (twice) reduces the risk of typoed data not getting caught.

There are few fields where this would be important, imo

@jensimmons I would love to see it go away as a user.

@jensimmons Oh, please, I would absolutely LOVE it if that got removed. And while you're at it, please also remove the ability to meddle with copying selected text.

The user locally selects text, and the developer should not be allowed to change what ends up on the clipboard without the user's consent.

@jensimmons disabling copy/paste in a data entry form is the actual worst.

@jensimmons As a web developer, no I don't ever do that. As a users it's very frustrating when you can't paste in a password field.

@jensimmons Absolutely cannot stand this behaviour. Thankfully extensions can prevent it.

@jensimmons To broaden this discussion and give you feedback you didn't ask for ...

I sometimes wonder if we should have a 'Turn off JavaScript' option in the context menu - possibly even suppressing event handlers on a per-element basis.

That would be very useful in a lot of circumstances, including this one.

@jensimmons I've encountered websites that prevent selecting and copying text 😮‍💨

@jensimmons I'd love it if sites would stop doing this, but I don't see how the web as a platform could prevent it, short of removing the possibility to have *any* custom behaviour on paste? which might be a bit more controversial possibly

@jensimmons It used to be somewhat useful before password managers to prevent typos. For years now it doesn't seem to make sense disabling pasting though, I never type passwords by hand anymore.

@jensimmons I don't ever do that and neither does my team, but I have understood the use case to be when you want someone to confirm their email or password or whatever (whereas they could just copy and paste one with a typo). I think it's mad annoying, tho, which is why I never build forms with that "feature" in them

@jensimmons I hate it when paste is disabled. I also hate it when I have to type username, hit enter, then password on a second screen (very rarely doable with a PW manager)

All I can think of is bots using harvested credentials.

But that wouldn't be a real user agent.

In general, for human users, disallowing paste/password managers is an anti-pattern, and #WCAG 2.2 gives you a very credible #a11y post to nail this to.

@jensimmons

@jensimmons I have been a web developer for nearly 30 years and this kind of nonsense has been a plague on usability. Also websites that add code to prevent you from copying and pasting text on the website. I'm simply trying to send people TO your website.

@jensimmons maaybe a valid use case of disallowing paste could be in educational tech, eg to prevent cheating in certain cases? (cc @jpzwarte might know?)

@jensimmons I have never, at any point, encountered a scenario where disabling pasting helped me in any way. I always resent it.

I'd go so far as to say that I don't think JavaScript should be allowed to influence the clipboard at all if it weren't for the fact that some code-generating sites have a "copy source" button that's convenient. Like 90% of the times that a site I use does anything with copying/pasting, it's abused.

@jensimmons I always presumed this was to prevent a brute force attack, preventing the automation of trying multiple passwords…?

@jensimmons I have previously shipped a paste block in the "confirm email" field in en effort to prevent email bounces, we had data that showed people pasting and it worked to reduce our missed bookings due to email bounces

@jensimmons @jackbrewster I’ve encountered this a few times and AFTER I’ve stopped swearing creatively at the imagined Web site creator and product manager, I calmly close the tab and go away. They don’t need my business any way.

But I’d love it were Safari to implement a super secret close this tab in flames option.