Prevent websites from disabling paste functionality in password boxes

[inian]

Lot of websites disable pasting in password boxes, hindering the use of password managers and strong passwords in general. This issue has been covered more in detail here - https://www.troyhunt.com/the-cobra-effect-that-is-disabling/

Would this be something that is a good intervention? Seems simple enough to implement and functionality doesn't break as such.

[dan2468]

I also find this annoying.

Some “super-secure” sites prevent pasting into plain-text fields, too, e.g. https://www.aztpensii.ro:8888/employer/pck_web_new.p_login (ironically, they consider the employer login page to be secure enough to allow pasting https://www.aztpensii.ro:8888/employer/pck_web1_new.p_login).

But I’d prefer instead a more general intervention, to specifically allow the browser's password manager to set the actual username and password fields (which might not be the visible, or hashed clones of the actual textboxes).

[Trombon231]

Hi, inian! Sorry for offtoping, but i don't know how to write you private message. Please tell me something about your userpic. As i know, it is a picture-plug in ie7, when ie7 can't show the picture. Could you tell me, where in Windows this picture-plug actually is? What is the path to it. Is it gif-file or ico, or png, or element of shell? i can't find it. Excuse me)) Thanks.

[johannhof]

(As noted in https://github.com/WICG/interventions/pull/72, we intend to archive this repository and are thus triaging and resolving all open issues)

I'm going to close this issue since there doesn't seem to be sufficient traction to take the conversation elsewhere. If there's still interest in this I would encourage you to file an issue against the HTML spec or file bugs with browser vendors directly.