Oinam Digital Garden

Tit-bit, wiki-ish, data, learnings, and observations.

Let them paste passwords

When you stumble on websites, especially the “security-conscious” ones, that stop you from pasting passwords, you know they are irritating and idiotic.

Making password entry difficult is like attempting weight loss by eating bland food. It’s not the flavour that makes you fat. There is this perception that something delicious can’t be good for a diet. People have this notion that to lose weight, there must be penance. An element of punishing oneself for past transgressions seems essential.

Security people have the same mindset. Security must be a hassle. It must be in your face. It has to be onerous. A challenge. A hurdle to get past.

Often the slickest, most hassle-free approach is the most secure.

Allow your website to accept pasted passwords - it makes your site more secure, not less.

Here is an article from the National Cyber Security Centre on why allowing password pasting is much safer – Let them paste passwords.


The main reason password pasting improves security is that it helps to reduce password overload. Allowing the pasting of passwords makes web forms work well with password managers. Password managers are software (or services) that choose, store and enter passwords into online forms for you.

Password managers are very useful because they:

Here is a very nice article from the security expert Troy Hunt, The “Cobra Effect” that is disabling paste on password fields, which details why websites should not block password pasting.
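
To check your own forms for this anti-pattern, here is an added example (not from this note or the linked articles): a small Node.js scan that flags password inputs whose inline handlers cancel paste, drop or the context menu. The sample HTML is constructed, and the scan assumes blocking is done with inline attributes; handlers attached from script files are not visible to it.

```javascript
// Added example: audit form markup for password fields that block pasting.
// Assumption: blocking is done with inline handlers (e.g. onpaste="return false").
const BLOCKING_EVENTS = ["onpaste", "ondrop", "oncontextmenu"];

// Parse one <input ...> tag into an object keyed by lowercase attribute name.
function parseAttributes(tag) {
  const attrs = {};
  const body = tag.replace(/^<\s*input/i, "").replace(/\/?>$/, "");
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return one finding per password input that cancels a paste-related event.
function auditPasswordFields(html) {
  const findings = [];
  // Quoted attribute values may contain '>', so match them as whole units.
  const tags = html.match(/<input\b(?:"[^"]*"|'[^']*'|[^'">])*>/gi) || [];
  for (const tag of tags) {
    const attrs = parseAttributes(tag);
    if ((attrs.type || "").toLowerCase() !== "password") continue;
    const issues = BLOCKING_EVENTS.filter((ev) =>
      attrs[ev] !== undefined &&
      /return\s+false|preventDefault\s*\(/.test(attrs[ev])
    );
    if (issues.length > 0) {
      findings.push({ field: attrs.name || attrs.id || "(unnamed)", issues });
    }
  }
  return findings;
}

// Constructed sample markup: one blocked password field, one paste-friendly one.
const SAMPLE_HTML = `
<form action="/login" method="post">
  <input type="text" name="user" onpaste="return false">
  <input type="password" name="pw_blocked" onpaste="return false"
         ondrop="event.preventDefault()">
  <input type='password' name='pw_ok' autocomplete="current-password">
</form>`;

for (const f of auditPasswordFields(SAMPLE_HTML)) {
  console.log(`${f.field}: blocks ${f.issues.join(", ")}`);
}
```

A clean result only means no inline blocking was found; the fix for any flagged field is simply to remove the handler.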