Prevents Users From Pasting Into Password Fields

Overview

Some websites claim that preventing users from pasting passwords somehow improves security. In Let Them Paste Passwords, the National Cyber Security Centre says that this claim is unfounded.

Password pasting improves security because it enables users to use password managers. Password managers typically generate strong passwords for users, store them securely, and then automatically paste them into password fields whenever users need to log in.

See The "Cobra Effect" That Is Disabling Paste On Password Fields for more on why enabling pasting is a better security practice.

Recommendations

Remove the code that's preventing users from pasting into password fields. It's probably a call to preventDefault() within the paste event listener that's associated with the password input element.

let input = document.querySelector('input');
input.addEventListener('paste', (e) => {
  e.preventDefault(); // This is what prevents pasting.
});

Find and inspect the code that's preventing pasting

To quickly find and inspect the code that's preventing pasting, try enabling the Clipboard > paste checkbox in the Event Listener Breakpoints section of Chrome DevTools, then pasting into a password field. DevTools should pause on the first line of code in the paste event listener.

More information

Lighthouse gathers all <input type="password"> elements, pastes some text into each element, and then verifies that the element's content has been set to the pasted text. If a page doesn't use <input type="password"> for its password input fields, Lighthouse doesn't detect those elements. It's also possible to prevent pasting outside of a paste event listener. Lighthouse doesn't detect that scenario, either.
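
The following is an added example, not Lighthouse's code and not part of the original page: a self-check that dispatches cancelable probe events at each password input and reports any listener that calls preventDefault(), rather than pasting text as Lighthouse does. It goes one step beyond the paste listener by also probing the Ctrl+V / Cmd+V keydown, one way pasting can be blocked outside a paste event listener; the names auditPasswordPaste, makeProbe and buildSampleRoot are hypothetical.

```javascript
// Added example: probe password inputs for listeners that cancel paste.
// A synthetic event never inserts text, so the probe only observes whether
// a handler calls preventDefault(); field contents are not modified.

function makeProbe(type, extra = {}) {
  // Plain Event plus own properties, so this also runs where the
  // ClipboardEvent / KeyboardEvent constructors are unavailable (Node.js).
  return Object.assign(new Event(type, { bubbles: true, cancelable: true }), extra);
}

function auditPasswordPaste(root) {
  const findings = [];
  for (const input of root.querySelectorAll('input[type="password"]')) {
    const blockedBy = [];
    // dispatchEvent() returns false when a listener called preventDefault().
    if (!input.dispatchEvent(makeProbe('paste'))) blockedBy.push('paste');
    // Heuristic for handlers that block the keyboard shortcut instead.
    // Handlers that test e.code or e.keyCode are not caught by this probe.
    for (const mod of ['ctrlKey', 'metaKey']) {
      if (!input.dispatchEvent(makeProbe('keydown', { key: 'v', [mod]: true }))) {
        blockedBy.push(`keydown:${mod}+v`);
      }
    }
    if (blockedBy.length) findings.push({ input, blockedBy });
  }
  return findings;
}

// Constructed sample: three stand-in "inputs" built on EventTarget so the
// example runs without a DOM. In a browser, pass `document` instead.
function buildSampleRoot() {
  const blocked = new EventTarget();
  blocked.addEventListener('paste', (e) => e.preventDefault());
  const shortcutBlocked = new EventTarget();
  shortcutBlocked.addEventListener('keydown', (e) => {
    if (e.ctrlKey && e.key === 'v') e.preventDefault();
  });
  const ok = new EventTarget();
  const inputs = [blocked, shortcutBlocked, ok];
  return { inputs, querySelectorAll: () => inputs };
}

for (const f of auditPasswordPaste(buildSampleRoot())) {
  console.log('paste blocked via', f.blockedBy.join(', '));
}
```

Like the Lighthouse audit, this check only sees <input type="password"> elements, and a clean result does not rule out other blocking mechanisms.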

Audit source
