Hacker News

Great article. The only point missed is that password length limits AND re-type fields AND disabling copy and paste are all measures that, when implemented correctly, are supposed to help you remember your password and prevent easy access to reset mechanisms by forcing you to type it twice and not accidentally copy and paste it twice.

Of course, in an era where weak password re-use and leaked hashes are one of the biggest problems facing normal internet users, we really should re-evaluate all the above assumptions.

Or if it's too hard, let email providers handle the login security requirements... Since most places allow email-based password resets anyway.




> remember your password

Starting with the premise that users should be remembering passwords at all is a mistake.


I understand the desire to stop stupid users from being stupid; however, outright preventing user best practice unless they resort to somewhat exotic workarounds is completely inexcusable.

> we really should re-evaluate all the above assumptions

I would not consider anyone supporting these practices remotely competent. There should not be any need to re-evaluate anything.



