Nicholas C. Zakas

Repeat after me: Blocking paste on a form textbox is not a security feature.

30 comments
Patrick H. Lauke

@nzakas and, incidentally, will likely then fail proposed WCAG 2.2 SC 3.3.8 Accessible Authentication w3.org/TR/WCAG22/#accessible-a

aburka 🫣

@nzakas What about the one I just had the misfortune to use that blocks paste, right click, *and backspace* in the password field?

aburka 🫣

@isaaccp @nzakas Inexplicably, it allowed me to highlight and overwrite my mistakes. So basically entering a password with a typewriter.

aburka 🫣

@isaaccp @nzakas Oh yeah, forgot I hate it when people fail to name-and-shame. It's #Smartsheet. And then once I finally got in, it turns out when a paid user invites you to comment, you can't comment with a free account, but it doesn't tell you that until you find an obscure FAQ. Screw you, Smartsheet.

Jennifer Kayla | Theogrin 🦊

@aburka @nzakas

There is one password field with which I work which fills in the entire space with asterisks, no matter how many characters have been typed.

This is not, as you might suspect, particularly conducive to first-try entry.

The Duke of Fall :d6:

@nzakas @lisamelton It has been my career experience that such systems are almost always mandated by people who don't have to use them daily, if at all. It is such a pervasive anti-pattern used by folks who (mistakenly or not) confuse "security theatre" for security.

hakerdefo

@nzakas

My bank is still not listening 🦻

They want their customers to use longish passwords and they also block the paste functionality 🔑

One can always drag-drop the text into the paste protected field without any problem. No need for extensions.

Rich Felker

@hakerdefo @nzakas Why is the browser letting the site distinguish between paste and dragged text? 🤔 🤬

Doug Tabacco

@nzakas *taps forehead* Can’t steal my info if I get annoyed and stop signing up!

Dreamwinder

@nzakas I want this reboosted at least once a week.

Ken Anderson

@nzakas @lisamelton AMEN! (I'm not religious but that's how strongly I agree with your statement. 😀)

parx :macos:

@nzakas Especially when you use a password manager. As if I'm going to type my 32 character random number/letter/symbol password by hand - I just open the console and stuff it in with JavaScript lol

Mingo 🦩

@nzakas it sort of is, it’s keeping me out of their system.

Rob Carlson

@nzakas @colarusso_algo Just went into the inspector and removed the paste event override from three input boxes on my insurance company’s site so I didn’t have to type my account information by hand and probably mess it up. The one I have in my clipboard is accurate, I promise.

Assal Horizontology

@nzakas I hacked together an Alfred workflow a couple months back after getting particularly pissed at a site that did this. The workflow turns the clipboard into simulated keystrokes and uses AppleScript to type them.

I get a little glee every time I use it on a site.

Stuart Celarier

@nzakas Blocking paste on a form textbox is not a security feature.
#SecurityTheater

Don Marti

@nzakas if you don't let me paste from my password manager then my password on your site is xyzzy123!

Spring

@nzakas

OMG rage. They're just ensuring that I eff it up. Copy/paste is a survival skill for me.

Rich Felker

@nzakas Flip side: creating an API that allows sites to block paste or otherwise distinguish between paste and manual entry of characters is malice by the browser.
