Paste preventing inputs
The page lets users paste content into form fields.
On this page
Impact
About
Some websites claim that allowing users to paste passwords reduces security. However, password pasting actually improves security because it enables the use of password managers.
Password managers typically generate strong passwords for users, store them securely, and then automatically paste them into password fields whenever users need to log in. This approach is generally more secure than forcing users to type in passwords that are short enough to remember.
In the general case, users should not be prevented from pasting into <input> elements.
Risks
Users cannot use password managers safely.
Why it's important
Negatively impacts user experience and weakens security by blocking password managers.
Code
Correct input — allows paste:
<input type="text" autocomplete="current-password">
Incorrect — blocks paste:
<input type="text" onpaste="return false;">
Error
ScanGov messaging when a site fails a standard:
Page doesn't allow copy-paste into inputs.
Guidance
Links
Indicators
On this page