Why do sites disable pasting in password fields?
It’s 2023, why are websites actively preventing pasting into fields like passwords and credit card number boxes? I use a password manager for security, it’s recommended by my employer to use one, and it even avoids human error like accidentally fat-fingering keys, and best of all with the credit card number I don’t have to memorize anything or know a single digit/character!

I have to use the Don’t Fuck With Paste [https://addons.mozilla.org/en-US/firefox/addon/don-t-fuck-with-paste/] addon just to be able to paste my secrets into certain monthly billing websites; why is my electric provider and one of my banks so asinine that pasting cannot be allowed? I can only imagine downsides and zero upsides to this toxic dark-pattern behavior.

There is even a mention about this in NIST SP 800-63B [https://pages.nist.gov/800-63-3/sp800-63b.html], a standard for identity management that some companies must follow in the USA, which even mentions forcefully rotating passwords and denying “password paste-in” as antiquated/bad advice:

> Verifiers SHOULD permit claimants to use “paste” functionality when entering a memorized secret. This facilitates the use of password managers, which are widely used and in many cases increase the likelihood that users will choose stronger memorized secrets