In a game of Walls and Ladders (similar to Arms Race), the Ladders usually win, see the references at the end of the post.
The actual “game” in this case is more and more sites trying to build walls prevent pasting credential related information like user IDs (often e-mail addresses) or passwords often citing “more safety” or “less security risks”, and users get taller ladders wanting to do just that because of their own security concerns:
[Wayback/Archive] Stef 🎈 on Twitter: “Dear mobile/web-apps, please never never disable copy and paste “due to security reasons”. -everybody with a password manager.”
The walls will always loose so it is better to invest the money for the walls into other security measures.
Given that most of the risks are web-sites getting that information exfiltrated, I wish they put more energy into bolting down that side of the security risk side than the hampering legitimate users entering that information in the first place.
Since so many of these sites have leaked my information in the past, any email address I use for activating an account is like 50 characters long. Something I am not going to type once (because of typing mistakes) and definitely not twice (to confirm I did not make typing mistakes).
Read the rest of this entry »