Walls and Ladders when pasting e-mail on account sign-up forms: Paste It – Chrome Web Store
Posted by jpluimers on 2024/02/06
In a game of Walls and Ladders (similar to Arms Race), the Ladders usually win, see the references at the end of the post.
The actual “game” in this case is more and more sites trying to build walls prevent pasting credential related information like user IDs (often e-mail addresses) or passwords often citing “more safety” or “less security risks”, and users get taller ladders wanting to do just that because of their own security concerns:
[Wayback/Archive] Stef 🎈 on Twitter: “Dear mobile/web-apps, please never never disable copy and paste “due to security reasons”. -everybody with a password manager.”
The walls will always loose so it is better to invest the money for the walls into other security measures.
Given that most of the risks are web-sites getting that information exfiltrated, I wish they put more energy into bolting down that side of the security risk side than the hampering legitimate users entering that information in the first place.
Since so many of these sites have leaked my information in the past, any email address I use for activating an account is like 50 characters long. Something I am not going to type once (because of typing mistakes) and definitely not twice (to confirm I did not make typing mistakes).
In the past, disabling JavaScript for a site would work around this problem, and sometimes it still works as I wrote in Dutch on twitter at [Wayback/Archive] Jeroen Wiert Pluimers on Twitter: “De blokkade van @KruidvatService tegen plakken van email adressen op kruidvat.nl/login/checkout
is makkelijk te omzeilen…”
De blokkade van @KruidvatService tegen plakken van email adressen op https://kruidvat.nl/login/checkout is makkelijk te omzeilen:
- JavaScript uitzetten
- email plakken
- JavaScript aanzetten
- “account aanmaken” klikken
- rode velden spatie erbij en meteen spatie weg
- stap 4.
However, nowadays most sites depend so much on JavaScript that this usually is not a viable alternative any more.
So hello to many browser extensions that help you workaround the copy/paste prevention, and no thanks to these web-sites making copy/paste harder as it costs three parties time, energy and frustration:
- end-users trying to enter their data
- browser extension developers enabling those users to easily enter that data
- web-site builders making it harder to enter that data
One of those extensions is [Wayback/Archive] Paste It – Chrome Web Store:
Paste text from a toolbar button, context menu or keyboard shortcut
Often typing your email address on websites? Let Paste It do it for you, or any other text that you use frequently.Right-click the icon and select Options to set your text and toggle any of three handy ways to paste:
- Click the ‘Paste It’ toolbar button.
- Use a keyboard shortcut (Alt+V by default, fully configurable)
- Right-click to paste from the context menu.
You can also set alternate paste text for up to 5 different shortcuts.
It adequately helped me creating a new LIDL account [Wayback/Archive] Jeroen Wiert Pluimers on Twitter: “@arjankoole @Stef_van_Dop @LidlNederland @KruidvatService For Dutch LIDL, the workaround in Chrome is this: 1. install Paste It extension from … 2. configure a paste text (like “account-lidl.nl@example.org”) 3. right-click each e-mail field, paste “account-lidl.nl@example.org”, add one character, then delete it “:
Related:
- [Wayback/Archive] Jeroen Wiert Pluimers on Twitter: “@arjankoole @Stef_van_Dop @LidlNederland @KruidvatService Manual paste fails at least for email addresses.”
- [Wayback/Archive] jilles.com on Twitter: “@Stef_van_Dop …”
- [Wayback/Archive] chrome extension to paste by typing – Google Search
- [Wayback/Archive] Microspeak: Walls and ladders – The Old New Thing
“Walls and Ladders” is not a game. It’s just a metaphor for a conflict in which one side wants to perform some action and the other side wants to prevent it. The defending side builds a wall, and the attacking side builds a taller ladder. In response, the defending side builds a taller wall, and the attacking side builds an even taller ladder. The result of this conflict is that the defending side constructs an ever-more-elaborate wall and the attacking side constructs a more-and-more complex ladder [link possible NSFW], both sides expending ridiculous amounts of resources and ultimately ending up back where they started.
- [Wayback/Archive] The arms race between programs and users – The Old New Thing
There is a constant struggle between people who write programs and the people who actually use them. For example, you often see questions like, “How do I make my program so the user can’t kill it?” Now, imagine if there were a way to do this. Ask yourself, “What would the world be like if this were possible?” Well, then there would be some program, say, xyz.exe, that is unkillable. Now suppose you’re the user. There’s this program xyz.exe that has gone haywire, so you want to exit it. But it won’t let you exit. So you try to kill it, but you can’t kill it either. This is just one of several arms races that you can imagine.
- [Wayback/Archive] chrome disable javascript devtools – Google Search
- [Wayback/Archive] Disable JavaScript – Chrome Developers
Disable:
- Open Chrome DevTools.
- Press
Control
+Shift
+P
orCommand
+Shift
+P
(Mac) to open the Command Menu. - Start typing
javascript
, selectDisable JavaScript
, and then press Enter to run the command.
JavaScript is now disabled.
Re-enable JavaScript:
- Open the Command Menu again and
- run the Enable JavaScript command.
- [Wayback/Archive] How to disable JavaScript in Chrome Developer Tools? – Stack Overflow (thanks [Wayback/Archive] Jopela for asking and [Wayback/Archive] SLaks for answering)
Click the gear icon in the corner of the Developer Tools, click
Settings
, then underDebugger
, checkDisable Javascript
, as shown in the following video:
–jeroen
Leave a comment