Stop disabling copy/paste
Hey developers, please stop disabling copy/paste in form fields! 🚨
- It’s awful UX.
- It’s confusing.
- It doesn’t improve security.
- It breaks password managers.
- It risks typos on critical info.
If asked to do so, push back. Please don’t break the web.
Who is asking for this? Have you been asked to do so? I suspect this is on a checklist at some overzealous security consultancy.
If you are asked to disable copy/paste, show your product owner this.
Many developers just “do what they’re told”. Sure, developers aren’t the final decision makers. But I believe it’s *everyone’s* responsibility to push back on decisions that negatively impact the user’s experience.
Update: @manicode added this line to the OWASP Auth Verification Requirements: Verify that “paste” functionality, browser password helpers, and external password managers are permitted. 👍 🥳
If any security people try to push this on you, show them requirement 2.1.11 from the ASVS standard!
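One way to check form markup against that requirement, as an added example (not code from the original post or from OWASP): a Node.js function that scans HTML for inline handlers that cancel paste, copy or cut on form fields, and for `autocomplete="off"` on password inputs. The sample form and the names `auditPasteBlocking`, `parseAttrs`, `cancelsEvent` and `SAMPLE_FORM` are constructed for illustration, and treating `autocomplete="off"` as an attempt to opt out of browser password helpers is an assumption of this check.

```javascript
// Added example: static check of form markup against ASVS 2.1.11.
// Sees inline attributes only; listeners attached via addEventListener need a browser-side test.
const CLIPBOARD_ATTRS = ["onpaste", "oncopy", "oncut"];

// Constructed sample input, not taken from any real site.
const SAMPLE_FORM = `
<form id="login">
  <input type="text" name="user" autocomplete="username">
  <input type="password" name="pw" onpaste="return false" autocomplete="off">
  <input type="email" name="confirm_email" onPaste="event.preventDefault()">
  <input type="password" name="new_pw" autocomplete="new-password" onpaste="logPaste(event)">
</form>`;

// Parse one start tag's attributes into an object with lowercase keys.
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<\w+/, "").replace(/\/?>$/, "");
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// An inline handler blocks the action if it returns false or calls preventDefault().
const cancelsEvent = (h) => /\breturn\s+false\b|\bpreventDefault\s*\(/.test(h);

// Return one finding per blocked clipboard action or password-helper opt-out.
function auditPasteBlocking(html) {
  const findings = [];
  const tagRe = /<(input|textarea|form)\b(?:"[^"]*"|'[^']*'|[^>"'])*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttrs(m[0]);
    const field = attrs.name || attrs.id || "(unnamed)";
    for (const ev of CLIPBOARD_ATTRS) {
      if (ev in attrs && cancelsEvent(attrs[ev])) {
        findings.push({ field, issue: `${ev} handler cancels the event` });
      }
    }
    if ((attrs.type || "").toLowerCase() === "password" &&
        (attrs.autocomplete || "").toLowerCase() === "off") {
      findings.push({ field, issue: 'autocomplete="off" on a password field' });
    }
  }
  return findings;
}
console.log(auditPasteBlocking(SAMPLE_FORM));
```

A handler that only observes the paste (the `new_pw` field in the sample) is not reported, because it neither returns false nor calls `preventDefault()`.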
Comments
Chris Johnson — 2022-03-17
Yes! So much this! I’ve literally made mistakes that cost time and money because of this foolishness!