Everyone encountered at least once a form that ask you to confirm your password or email address to check you didn't make some mistake when re-typing it.
So it's more safe right?
It's a good idea (or at least a good intention) IF you're typing your password manually.
But a more secure approach is to use a password manager, even better an offline password manager (not cloud based without browser integration) like KeepassXC and to pick a very long and strong password with all those special characters.
But wait a minute! You are disabled to paste anything and your password is so long and complex to write manually, there is a 100% chance you make a mistake by trying to write it manually.
That sucks right? This paste event block is preventing users to use a password manager which is a more secure approach.
Note to web dev: please stop to override paste event on the 2nd field, instead you can still prevent the copy event from the 1st field. It's already a little better.
But we are blocked right? We don't either want to copy the 50 char long password manually nor to stop using our password manager and re-use weak rockyou passwords again.
If you are a Firefox user, good news! I have the solution! We will disable clipboard event override:
- Go into
- Double click the value to change it from
Now websites can't override any clipboard events!
If you wonder if this trick can break some behavior, I think not. Because, most of the time, clipboard events are used to:
- block copy/paste, that's what we want to avoid
- infect you (eg. Pastejacking attack)
So either way we don't want it. Instead it will even harden your browser a little bit.