EmailDiscussions.com - View Single Post - you shouldn’t be forced to use special characters in your passwords

evilquoll · 15 Jul 2017, 10:34 AM

My pet hate is web sites (usually e-commerce sites) which use a "don't allow paste" command on their password input field (or other fields, for that matter). To my mind, this is detrimental to legitimate users (who are thereby being forced to use a password which is weak enough to be feasible to remember, and to type manually, instead of being copy-and-pasted from a password repository, as I prefer) while doing absolutely nothing for site security. (If i were trying to crack a site, using a buffer-overflow attack or the like, I wouldn't be dumb enough to allow my custom client to honour "no paste" requests.

)

Fortunately, this dubious behaviour can be overridden by using Firefox with the appropriate plugin; but it's a dumb idea nonetheless.

15 Jul 2017, 10:34 AM	#6
evilquoll Member Join Date: May 2017 Location: Emergency temporary account of ROBERT.BAK Posts: 36	My pet hate is web sites (usually e-commerce sites) which use a "don't allow paste" command on their password input field (or other fields, for that matter). To my mind, this is detrimental to legitimate users (who are thereby being forced to use a password which is weak enough to be feasible to remember, and to type manually, instead of being copy-and-pasted from a password repository, as I prefer) while doing absolutely nothing for site security. (If i were trying to crack a site, using a buffer-overflow attack or the like, I wouldn't be dumb enough to allow my custom client to honour "no paste" requests.) Fortunately, this dubious behaviour can be overridden by using Firefox with the appropriate plugin; but it's a dumb idea nonetheless.