Copy Paste Wall


There has been a lot of fuzz regarding websites not allowing copy/paste in the password field of a registration or login page.

I personally agree with eminent figures like Troy Hunt and the NCSC in that disabling password pasting decreases the security of the site since it hinders the use of passwords managers.
However, there have been comments supporting the contrary as well.
Before you pick sides in this debate, I’d suggest you read the comments made on both sides. Do also read why some of the justifications used by companies are incorrect ill-informed.

I won’t be repeating the comments made on either side, since the articles I referred to earlier do a way better job of this.
This post is more of a shameless plug of a new Twitter hashtag I’m trying to launch as a method of identifying and grouping sites that don’t allow password pasting: #CopyPasteOffenders. The idea is that’s people who encounter sites that (still) inhibit users in pasting passwords (or other credential fields, like email) use this hashtag while contacting the site’s owner. When contacting a site owner (not necessarily via Twitter) I would suggest you also refer to the article of the NCSC, especially if the site belongs to a UK-based company.
I was inspired by Tom’s #protectyouraccesscard, which I’d suggest you scroll through as well.