Paste preventing inputs

Indicators

• Security

Impact

(How ScanGov measures tasklist priorities.)

About

Some websites claim that allowing users to paste passwords reduces security. However, password pasting actually improves security because it enables the use of password managers.

Password managers typically generate strong passwords for users, store them securely, and then automatically paste them into password fields whenever users need to log in. This approach is generally more secure than forcing users to type in passwords that are short enough to remember.

In the general case, users should not be prevented from pasting into <input> elements.

Why it's important

Negatively impacts user experience and weakens security by blocking password managers.

Code

<input type="text" />

Error

(ScanGov messaging when a site fails a standard)

Page doesn't allow copy-paste into inputs.

Guidance

Links

• Prevents users from pasting into input fields

Related

• Content security policy (CSP)
• HTTP Strict Transport Security (HSTS)
• security.txt
• X-Content-Type-Options
• Errors in the console
• Clickjacking mitigation
• Paste preventing inputs