cancel
Showing results for 
Search instead for 
Did you mean: 

Please allow paste in your password setting forms.

Newbie
Posts: 4
Thanks: 3
Registered: ‎25-10-2016

Please allow paste in your password setting forms.

Dhxy7rWX4AAvtXH

For some reason, plusnet block pasting passwords on the signup form.  Aren't you aware that this is an anti-pattern and the opposite of good security?

 

Suggest Plusnet takes a look at https://www.troyhunt.com/the-cobra-effect-that-is-disabling/

 

And please get rid of that asinine paste blocker.

 

Thanks

9 REPLIES 9
All Star
Posts: 2,019
Thanks: 232
Fixes: 24
Registered: ‎02-08-2007

Re: Please allow paste in your password setting forms.

Newbie
Posts: 4
Thanks: 3
Registered: ‎25-10-2016

Re: Please allow paste in your password setting forms.

It might be common - but it is *bad security practice* - it simply results in poor quality passwords that people have to remember and precludes the use of good password managers.

It also go against the advice of every reputable Security pro.

 

e.g. I use LastPass and it would generate a password like: Rxaj2y8*EV^V^UeFU4H$U!tvTp*eNB

 

That doesn't take 'a moment' to enter by hand.

 

Rising Star
Posts: 276
Thanks: 10
Fixes: 1
Registered: ‎14-09-2007

Re: Please allow paste in your password setting forms.

I just want to second this. The OP is absolutely right and describes the problem spot-on. It is sad to see this feedback has not been taken on board in two years!

By forcing manual entry of passwords the entropy of those passwords is significantly reduced because people wont type them in.

 

So instead of

U}=}`4D>*T{KQn79\6$taG.g.HY{~Z?_~D^7{uh<8W)tHa1rOY:UE:2Ui(uAl[\

You end up with

Goat1234!

 

I've just been prevented from adding a secure password to the Plusnet Mobile site. Good job I like Goats 😏

Seasoned Hero
Posts: 5,794
Thanks: 2,560
Fixes: 169
Registered: ‎30-06-2016

Re: Please allow paste in your password setting forms.


@Gel wrote:

Disabling paste is common on many secure log in sites.
Only takes a moment to enter again.


This sounds like a response from some-one who either uses simple passwords and/or the same password for all sites.

I use a password safe and the random 16 bit passwords automatically generated are neither memorable or easy to enter manually. A quick check up identified about 100, though I admit that only a slack handful are in regular use.

Community Gaffer
Community Gaffer
Posts: 14,808
Thanks: 2,378
Fixes: 163
Registered: ‎04-04-2007

Re: Please allow paste in your password setting forms.

This is valid feedback, thanks guys. I'll make sure it's passed on (ref:DFD-2424).

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Hero
Posts: 4,926
Thanks: 1,681
Fixes: 30
Registered: ‎30-07-2008

Re: Please allow paste in your password setting forms.

Thanks Bob, though of course it should have been valid when posted nearly two years ago, since when the OP hasn't been seen.  😉

The older I get, the earlier it gets late.

ADSL2+   Billion 8800NL
Community Gaffer
Community Gaffer
Posts: 14,808
Thanks: 2,378
Fixes: 163
Registered: ‎04-04-2007

Re: Please allow paste in your password setting forms.

And it was. I didn't see the post when it was first published though 😉

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Newbie
Posts: 4
Thanks: 3
Registered: ‎25-10-2016

Re: Please allow paste in your password setting forms.

Got the email notifications on this.
I'm no longer a plusnet customer.
Community Gaffer
Community Gaffer
Posts: 14,808
Thanks: 2,378
Fixes: 163
Registered: ‎04-04-2007

Re: Please allow paste in your password setting forms.

@pgregg the thread options drop-down at the top of the discussion should give you the ability to unsubscribe if you no longer want to receive notifications of updates.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵