God I hate when apps don’t have properly marked fields. You can mark your fields as username/password/street address/phone number/etc and browsers will automatically be able to detect them. So they can suggest autofill for the respective fields. But so many sites just… Refuse to properly mark their fields?
I know autofill hijacking was a problem for a while. For instance, a malicious ad could have off-screen autofill fields. So your browser would autofill them and the ad would capture the data. It was super scummy, and is why browsers moved towards prompting for autofill instead of just doing it automatically. But this is no excuse for sites to break paste on their own fields. It adds nothing to security, and only encourages weak passwords.
Or disabling paste in password and bank account fields. Which is a literal crime in the US but never enforced.
God I hate when apps don’t have properly marked fields. You can mark your fields as username/password/street address/phone number/etc and browsers will automatically be able to detect them. So they can suggest autofill for the respective fields. But so many sites just… Refuse to properly mark their fields?
I know autofill hijacking was a problem for a while. For instance, a malicious ad could have off-screen autofill fields. So your browser would autofill them and the ad would capture the data. It was super scummy, and is why browsers moved towards prompting for autofill instead of just doing it automatically. But this is no excuse for sites to break paste on their own fields. It adds nothing to security, and only encourages weak passwords.