@dalias @whitequark @mcc please, please trust me when I tell you that you cannot tell people not to copy and paste a password into a web page when their job is copying and pasting passwords into web pages all day long. people _routinely_ circumvent domain restrictions on password pasting. smart people. security-aware people. it is easy for social engineers to create synthetically exigent situations where this seems like a reasonable and obvious thing to do.