Why do some websites prevent you from pasting your passwords? Often the answer is ‘security’, but does the restriction really help anything?
Everyday it’s getting harder to create an appropriate password and rightly so. Things like minimum letter count and requiring certain symbols etc are all a proven method of making your passwords harder to crack.
In an attempt to further their security, some websites go through the process of coding in a prevention that stops you from pasting your password into their password fields. What makes this such a big deal is that a large proportion of the internet can’t understand why exactly this is ‘safer’.
It can be seen that websites that restrict you from the ability to paste your passwords are actually making it more unsafe for us online. Plenty of us use password managers in order to stay safe online and enable us to have a different passwords for every place we visit. Websites that prevent us from pasting passwords are making it impossible for us to use these managers.
Take the example above, this password manager gives you long complicated passwords that you would probably never bother to remember, because you’re going to update it soon and it’s all there ready for you to copy and … oh wait you can’t do that now because the paste function is disabled. In this example, ‘disabled password pasting’ is actually making password security worse, and it adds a frustrating hassle that many people see as unnecessary.
So why do people feel that password pasting should be prevented?
'If password pasting is allowed, it could present a vulnerability where malicious software or pages could repeatedly paste password guesses into the password box until they correctly find your password.'
I know we must take security seriously, however, this is a very miniscule concern for the hassle the restriction creates. This is an unlikely situation as there are many other ways to make guesses that are just as easy for attackers to set up, and these are much faster at guessing.
'Lots of password managers work by copying your password to the clipboard so they can paste it into the password box on websites. The possible risk is that an attacker will steal your password before it's deleted from the clipboard.'
Malicious software exists that can gain access to your clipboard. However, most password managers do delete the data as soon as they have passed your password, and so you can look for this attribute in the ones you download.Some also use a 'virtual keyboard' instead of the clipboard which evades the clipboard issue altogether.
There are plenty of ways to combat this issue, the main ones are keep your system updated, avoid catching viruses, and don’t use 'Internet Explorer 6' as it does allow malicious web pages to copy the clipboard.
To conclude, does preventing you from password pasting make things safer? Well.. Not really, it prevents you from using a very safe method of password keeping, and the restriction causes more hassle than it’s worth. The reasons people use to justify the restriction aren't really good enough to warrant the hassle, in their eyes it's adding an extra layer of security but to many, it's a solution to a problem that made everything a whole lot worse.