I F*cking Hate This! Blocking Password Pasting-> but it is 100% safe
Ever tried to paste a password into a log-in field, only to be told to type it in manually? I really hate it when websites do this.
Some websites still don’t accept pasted passwords, even though the reasoning behind such a policy is pretty weak. In fact, because it stops password management tools from working properly, a restriction on password pasting can actually make users less secure.
But after I got to know the reason behind it!
I was totally fine with it! it shold be seen in a safty aspect
Occasionally, you’ll still come across websites that stop you from pasting passwords into the log-in box. Usually when this restriction exists, it’s there by design: i.e. the HTML code used on the website specifically prevents a pasted fragment from being entered into the field.
So why do companies deliberately include this block? It’s not exactly clear. As the UK’s National Cyber Security Centre (NCSC) points out, there’s no rule, technical standard or best practice point that recommends it. There are a number of possible justifications for it. Although once these reasons are scrutinised, they don’t really stand up:
It prevents brute-force attacks. The argument is that it stops malicious software from repeatedly pasting password guesses into the box to crack it. But this ignores the fact that the website should, in any event, have controls in place to identify and block a high number of log-in attempts relating to a single account.
Avoiding sensitive data in the clipboard. The idea is that you shouldn’t have sensitive information such as passwords hanging around on your clipboard. This is because malware apps have the ability to scrape your clipboard. The trouble is, the majority of malware apps with clipboard-scraping capabilities are able to read your keystrokes, too. So being required to type in your password does nothing for malware protection.
Pasting prevents you from remembering. In theory, the ability to paste your password provides less of an incentive to remember it. But in reality, the average person has 70-80 active passwords. Even if you wanted to, you are never going to memorize all of them.