DEV Community

Discussion on: How to prevent pasting into input fields

Collapse
 
bitdweller profile image
Pedro Pimenta

In addition, I use a password manager to store my credentials and I usually copy most of the data, so it actually makes it more prone to errors in this case. There's no way I'm going to make a mistake if I copy it. Same goes for Credit Card number or account number, so many of them you can't paste into...

Collapse
 
philnash profile image
Phil Nash

I also agree with this, most notably around password managers. If a user is trying to practice good password behaviours but it thwarted by a lack of pasting into a field, then it is likely to get them to choose to use an easier to remember password (probably something they've used before) and makes their account vulnerable to take over.

As developers it is our jobs to help our users be secure, not make it harder for them.

Collapse
 
aurelio profile image
Aurelio

Came here to say just that.
If you use a password manager, chances are you don't even know your passwords, so how are you supposed to type them twice? For many websites I am subscribed to I literally never typed my password once, not even in the moment of choosing it.

This is true for most sensitive data, the best option is to have it pre-filled for you via an extension or at least copy paste from another app.

To give a real world example of why disallowing copy paste is inconvenient for the user, just imagine you are on mobile and trying to fill in a form that prevents pasting. You'd have to either split the screen (browser and password manager app) which is always fiddly, or just flip back and forth and copy a password that is probably (and hopefully) not very readable, or manually write it down on a piece of paper and then input it in the form...

How many people would willingly go through this?