Disabling paste is common on many secure log in sites.
Only takes a moment to enter again.

It might be common - but it is *bad security practice* - it simply results in poor quality passwords that people have to remember and precludes the use of good password managers.

It also go against the advice of every reputable Security pro.

e.g. I use LastPass and it would generate a password like: Rxaj2y8*EV^V^UeFU4H$U!tvTp*eNB

That doesn't take 'a moment' to enter by hand.

I just want to second this. The OP is absolutely right and describes the problem spot-on. It is sad to see this feedback has not been taken on board in two years!

By forcing manual entry of passwords the entropy of those passwords is significantly reduced because people wont type them in.

So instead of

U}=}`4D>*T{KQn79\6$taG.g.HY{~Z?_~D^7{uh<8W)tHa1rOY:UE:2Ui(uAl[\

You end up with

Goat1234!

I've just been prevented from adding a secure password to the Plusnet Mobile site. Good job I like Goats 😏

---

@Gel wrote:

Disabling paste is common on many secure log in sites.
Only takes a moment to enter again.

---

This sounds like a response from some-one who either uses simple passwords and/or the same password for all sites.

I use a password safe and the random 16 bit passwords automatically generated are neither memorable or easy to enter manually. A quick check up identified about 100, though I admit that only a slack handful are in regular use.

This is valid feedback, thanks guys. I'll make sure it's passed on (ref:DFD-2424).

Thanks Bob, though of course it should have been valid when posted nearly two years ago, since when the OP hasn't been seen.  😉

@pgregg the thread options drop-down at the top of the discussion should give you the ability to unsubscribe if you no longer want to receive notifications of updates.