Geek Answers Handbook

Can I insert text in a password field?

What do you think of web developers? If we disable the insertion into the masked fields for the password in our web applications or not. Could this be a security hole or cause confusion or unwanted results? This is probably a matter of user experience, not programming.

+4
source share
6 answers

The insert is OK, in IMHO, and expected. Copying, however, is usually prohibited, not without reason. This is also expected. You just want to go with what most users know, unless you have a really good reason not to.

+12
source

The insert is fine. OK. Actual shutdown can sometimes cause big problems. Most users use keepass or similar applications to store strong passwords.

If you force people to enter each time, it can make them choose weaker passwords.

+14
source

No, do not disable the insert.

Some secure password management applications include support for placing their saved passwords directly into the C & P buffer without displaying it on the screen, and disabling paste will make these applications less useful.

+2
source

Allow pasting, but make sure the user notes that everything he pasted did not match the maximum length. I use KeePass, which generates 10-character passwords for me, it is a mess when my password does not work, because only the first 8 characters or the like are used in registration.

Also, make sure the login password fields are the same maximum length as the registration password fields.

+1
source

No, I wouldn’t. I often insert passwords, such as those randomly generated for reset. I do not think that this will be a security risk for the web application, only that the risk is inherited by the user.

0
source

The insertion can only be bad if it leads to a failure of the database query. In addition, everyone else has reasonable reasons to resolve it. Remote Desktop pissed me off when I cannot insert a password because I use KeePass to manage complex passwords. What I left leaves the password in plain text on the screen when I type it.

0
source

More articles:


All Articles