cancel
Showing results for 
Search instead for 
Did you mean: 

Please allow paste in your password setting forms.

pgregg
Newbie
Posts: 4
Thanks: 3
Registered: ‎25-10-2016

Please allow paste in your password setting forms.

Dhxy7rWX4AAvtXH

For some reason, plusnet block pasting passwords on the signup form.  Aren't you aware that this is an anti-pattern and the opposite of good security?

 

Suggest Plusnet takes a look at https://www.troyhunt.com/the-cobra-effect-that-is-disabling/

 

And please get rid of that asinine paste blocker.

 

Thanks

9 REPLIES 9
Gel
Aspiring Champion
Posts: 2,150
Thanks: 255
Fixes: 26
Registered: ‎02-08-2007

Re: Please allow paste in your password setting forms.

pgregg
Newbie
Posts: 4
Thanks: 3
Registered: ‎25-10-2016

Re: Please allow paste in your password setting forms.

It might be common - but it is *bad security practice* - it simply results in poor quality passwords that people have to remember and precludes the use of good password managers.

It also go against the advice of every reputable Security pro.

 

e.g. I use LastPass and it would generate a password like: Rxaj2y8*EV^V^UeFU4H$U!tvTp*eNB

 

That doesn't take 'a moment' to enter by hand.

 

starfry
Rising Star
Posts: 290
Thanks: 20
Fixes: 2
Registered: ‎14-09-2007

Re: Please allow paste in your password setting forms.

I just want to second this. The OP is absolutely right and describes the problem spot-on. It is sad to see this feedback has not been taken on board in two years!

By forcing manual entry of passwords the entropy of those passwords is significantly reduced because people wont type them in.

 

So instead of

U}=}`4D>*T{KQn79\6$taG.g.HY{~Z?_~D^7{uh<8W)tHa1rOY:UE:2Ui(uAl[\

You end up with

Goat1234!

 

I've just been prevented from adding a secure password to the Plusnet Mobile site. Good job I like Goats 😏

Baldrick1
Seasoned Hero
Posts: 7,646
Thanks: 3,412
Fixes: 235
Registered: ‎30-06-2016

Re: Please allow paste in your password setting forms.


@Gel wrote:

Disabling paste is common on many secure log in sites.
Only takes a moment to enter again.


This sounds like a response from some-one who either uses simple passwords and/or the same password for all sites.

I use a password safe and the random 16 bit passwords automatically generated are neither memorable or easy to enter manually. A quick check up identified about 100, though I admit that only a slack handful are in regular use.

bobpullen
Community Gaffer
Community Gaffer
Posts: 15,437
Thanks: 3,134
Fixes: 194
Registered: ‎04-04-2007

Re: Please allow paste in your password setting forms.

This is valid feedback, thanks guys. I'll make sure it's passed on (ref:DFD-2424).

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

198kHz
Seasoned Hero
Posts: 5,403
Thanks: 2,280
Fixes: 34
Registered: ‎30-07-2008

Re: Please allow paste in your password setting forms.

Thanks Bob, though of course it should have been valid when posted nearly two years ago, since when the OP hasn't been seen.  😉

To err is human; to purr, feline
ADSL2+   Billion 8800NL
BT technician (Retired)
bobpullen
Community Gaffer
Community Gaffer
Posts: 15,437
Thanks: 3,134
Fixes: 194
Registered: ‎04-04-2007

Re: Please allow paste in your password setting forms.

And it was. I didn't see the post when it was first published though 😉

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

pgregg
Newbie
Posts: 4
Thanks: 3
Registered: ‎25-10-2016

Re: Please allow paste in your password setting forms.

Got the email notifications on this.
I'm no longer a plusnet customer.
bobpullen
Community Gaffer
Community Gaffer
Posts: 15,437
Thanks: 3,134
Fixes: 194
Registered: ‎04-04-2007

Re: Please allow paste in your password setting forms.

@pgregg the thread options drop-down at the top of the discussion should give you the ability to unsubscribe if you no longer want to receive notifications of updates.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵