Don't Stop Me from Pasting Passwords

People who prevent pasting of passwords have no understanding of security. They should be fired immediately.

Why? You just stopped me from using my password manager. And the fact that you don’t realize means you don’t use one. If you work in security and don’t use a password manager (and prevent others from same) you are woefully incompetent and should go find another career.

I am not saying this is a solution, but the reason you see this is because a number of companies, such as TikTok and LinkedIn, have been caught scraping the clipboard.

https://www.forbes.com/sites/daveywinder/2020/07/11/iphone-u...

https://www.forbes.com/sites/zakdoffman/2020/06/26/warning-a...

That said, for web applications, you are required to do things like use HTTPS for the modern clipboard API, which provides the user some guarantees. Not much works without HTTPS anymore though.

Unintended? Consequences. It encourages weaker passwords, since you are not going to type in 14 of more characters by hand. I tried.

On campus, one service timed you out pretty quickly if you dawdled typing your password. I suggested that you should fail if you type it too fast, instead, to foil shotgun password typing bots, and give users more time for longer passwords.

That was before password managers.

It's hard to get everything right. After some rounds of white-hat password cracking, (the ones I got were so lame)I decided to modify the passwd command to crack passwords on the way in. Much faster with the plain text.

I have distrusted facial recignition since the Columbo episode (spoiler) in which Dabney Coleman sends someone elseout in his car with a face disguise to be deliberately snapped by a traffic camera for an alibi.

The photographically-aware detective notices that the light is wrong.