• Alexstarfire@lemmy.world
    1·
    4 months ago

    TBF, I kind of get it. If someone is using a public computer you wouldn’t want someone to be able to sign into a site they left open because they copied their password.

    However, this won’t prevent anyone from copying the password into something like notepad and just typing it out. So in the end, it’s useless and makes things less user friendly. Which is what I expect these days.

    • hikaru755@lemmy.world
      1·
      4 months ago

      I suspect the reasoning for it was more along the lines of “if you’re pasting the password, that means you probably saved it in a text file on your desktop or something, and you shouldn’t do that so let’s stop you from doing it”. In reality, it probably didn’t work to make anyone store passwords more securely, and only made life unnecessarily harder for people with password managers

    • Kairos@lemmy.today
      01·
      4 months ago
      1. User pastes something into site
      2. data still pasted as normal
      3. JScript event clears clipboard and tells user that their clipboard was safely cleared.

      Literally just as secure and better behavior. Just use your brain for a few seconds.

      Edit: Actually it’s MORE secure because disallowing paste leaves the password or whatever in the clipboard without the user necessarily realizing it…

  • __init__@programming.dev
    0·
    4 months ago

    I ran into this when trying to paste my generated password into the password field on some kind of financial site and I think it is still the most egregious case of security theater I’ve seen yet.

    Anyway, you want the “don’t fuck with paste” extension, available on both chrome and firefox.

  • layzerjeyt@lemmy.dbzer0.com
    0·
    4 months ago

    My impression from when I’ve encountered this is that it is an attempt to repel bots.

    Speculating/knowing about the reason doesn’t help when I’m confronted with having to input the password *6mA*P7CCuVyHo8kh%x34!63wm23&uhzSMY3Xy3$*8^%7j$VeH^7

    • JasonDJ@lemmy.zip
      1·
      4 months ago

      Weird, that’s one character off from my Paramount+ password. I know from typing it on every fucking STB and console that I own and painstakingly quadruple-checking each character when it fails.

      You’d think I’d just change to a passphrase but nah. Ain’t nobody got time for that. Too busy ranting about user unfriendly problems that shouldn’t exist in modern STB apps.

    • nucleative@lemmy.worldEnglish
      1·
      4 months ago

      Bots don’t paste. If it a selenium related bot it would inject the value or type out each keypress.

      It only causes real users pain

    • MouldyCat@feddit.ukEnglish
      1·
      4 months ago

      My impression from when I’ve encountered this is that it is an attempt to repel bots.

      hmm bots don’t use keyboard or mouse copy & paste so I don’t see how that makes sense?

      my impression is this is just stupid product managers who don’t understand why it’s a bad idea to force all your users to manually type out their passwords or email addresses just because of the 0.1% of people who would copy and paste one with an error in.

  • Dagnet@lemmy.world
    0·
    4 months ago

    Came here hoping someone would explain how to use dev tools to remove that block or if there an addon for that, really hate this kind of restriction

    • taaz@biglemmowski.winEnglish
      1·
      4 months ago

      Firefox often let’s you bypass this shit with holding shift + right click or select the text you want to paste and drag and drop it into the field.