
Regarding pasting passwords, that reminds me: I signed up for one site, I think it was PayPal, which had a password limit of 20 characters. Okay, that's already pretty bad -- it's an arbitrary limit and not as secure as I'd like for a site that has access to my credit cards and bank info.

Anyway, I generated a password using KeePass with I think 60 characters and pasted them in without error or warning. Turned out that only the first 20 characters got pasted in and the rest were silently rejected.

When I tried to log in I kept getting an invalid password error. No indication that the password I was trying to use was too long.

Only when I tried to change my password and type one in manually did I notice that nothing was getting entered after the 20th character.




Learning to never truncate text is one of my first hard-learned programming lessons. I still have flashbacks whenever I see a maxlength attribute. If the user goes over, tell them, but do _not_ remove what they typed.


I ran into a similar issue myself. Why would PayPal, of all companies, have a problem with this?


Glad I'm not the only one. Now, in the "confirm password" field, I always backspace the last couple of characters and type them in manually, to make sure they match with what was pasted.
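The failure mode described in this thread, as an added example (not code from any commenter or from the site mentioned): a signup field that silently cuts a paste to 20 characters, next to one that keeps the input and reports the problem. The function names, the scrypt-based storage, the sample password, and the login field having no length limit are all assumptions made for illustration.

```javascript
// Added example: models the signup/login mismatch described in the thread.
const { scryptSync, randomBytes, timingSafeEqual } = require("node:crypto");

const MAX_LEN = 20; // limit from the thread; everything else here is constructed

// Stand-in for the server's password storage (salted scrypt hash).
function hashPassword(password, salt = randomBytes(16)) {
  return { salt, hash: scryptSync(password, salt, 32) };
}
function verifyPassword(password, record) {
  return timingSafeEqual(scryptSync(password, record.salt, 32), record.hash);
}

// What a field with maxlength=20 does to a paste: keeps the first 20
// characters and drops the rest without telling anyone.
function truncatingField(pasted) {
  return pasted.slice(0, MAX_LEN);
}

// The alternative: keep the input intact and report the problem.
function validatingField(pasted) {
  if (pasted.length > MAX_LEN) {
    return { ok: false, value: pasted,
             error: `Password is ${pasted.length} characters; the limit is ${MAX_LEN}.` };
  }
  return { ok: true, value: pasted, error: null };
}

// Constructed 60-character password, as a password manager might generate.
const generated = "k7#Qz".repeat(12);

// Signup through the truncating field, login through a field with no limit.
function truncatedSignupThenLogin() {
  const record = hashPassword(truncatingField(generated));
  return {
    fullPasswordAccepted: verifyPassword(generated, record),
    first20Accepted: verifyPassword(generated.slice(0, MAX_LEN), record),
  };
}

console.log(truncatedSignupThenLogin());
console.log(validatingField(generated).error);
```

The stored hash only ever matches the first 20 characters, so the password saved in the password manager is rejected at login with nothing to explain why.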



