re: How to prevent pasting into input fields VIEW POST


Nice write up on how to! thanks.

As to the why/why-not, let me take a moment and opine on that...

Please, please just don't do this at all, blocking the UX of a browser because you, or more likely your project manager, wants to be clever and pander the the lowest demonimator doesn't mean you need to. all it does is get in the way of what you want the user to do, and that's give you information. I shouldn't need to confirm my email, any more than i should have to confirm my middle name twice.


In addition, I use a password manager to store my credentials and I usually copy most of the data, so it actually makes it more prone to errors in this case. There's no way I'm going to make a mistake if I copy it. Same goes for Credit Card number or account number, so many of them you can't paste into...


Came here to say just that.
If you use a password manager, chances are you don't even know your passwords, so how are you supposed to type them twice? For many websites I am subscribed to I literally never typed my password once, not even in the moment of choosing it.

This is true for most sensitive data, the best option is to have it pre-filled for you via an extension or at least copy paste from another app.

To give a real world example of why disallowing copy paste is inconvenient for the user, just imagine you are on mobile and trying to fill in a form that prevents pasting. You'd have to either split the screen (browser and password manager app) which is always fiddly, or just flip back and forth and copy a password that is probably (and hopefully) not very readable, or manually write it down on a piece of paper and then input it in the form...

How many people would willingly go through this?


I also agree with this, most notably around password managers. If a user is trying to practice good password behaviours but it thwarted by a lack of pasting into a field, then it is likely to get them to choose to use an easier to remember password (probably something they've used before) and makes their account vulnerable to take over.

As developers it is our jobs to help our users be secure, not make it harder for them.

Code of Conduct Report abuse