Hey developers, please stop disabling copy/paste in form fields! 🚨
- It’s awful UX.
- It’s confusing.
- It doesn’t improve security.
- It breaks password managers.
- It risks typos on critical info.
If asked to do so, push back. Please don’t break the web.
Who is asking for this? Have you been asked to do so? I suspect this is on a checklist at some overzealous security consultancy.
If you are asked to disable copy/paste, show your product owner this.
Many developers just “do what they’re told”. Sure, developers aren’t the final decision maker. But I believe it’s *everyone’s* responsibility to push back on decisions that negatively impact the user’s experience.
Update: @manicode added this line to the OWASP Auth Verification Requirements: Verify that “paste” functionality, browser password helpers, and external password managers are permitted. đź‘Ť 🥳
If any security people try to push this on you show them requirement 2.1.11 from the ASVS standard!
Yes! So much this! I’ve literally made mistakes that cost time and money because of this foolishness!