Which is ridiculously annoying. I have to edit the HTML every single time to remove "readonly" on that field and paste in my randomly generated password.
That's why I use tampermonkey/userscripts. Make a script that removes disabled property from all form elements in the page, and set it to run when the document finishes loading on every website, then disable it so you can turn it on when necessary. I've got a number of similar scripts (the most used one is generally enabled; it prevents squarespace sites from navigating to a site login even I hit esc to stop the page from loading).
Why are some fields like that? I have never understood why. It happens a lot when entering in bank account numbers. I am almost always copying and pasting the bank account number directly from my bank's website, but yet, these fields require me to type it in, increasing the possibility of a mistake.
I wish I could remember where I saw this UX, but the best is when they not only don't let you paste, but also treat the bank account number like a password field and don't let you see what you're typing in... and you have to do it 2x.
Most likely because the amount of furor and kerfuffle that would be created when "the security system broke" would basically be equal quantities of facepalm and hustle that would phase between canceling each other out and producing undirected chaos.
Like, this brand of "security" is being persisted with, in 2022, when virtually nothing else uses this sort of approach, and the writing's been on the wall for so long you almost can't see the wall for the writing anymore. And yet.
At the end of the day from an actual-security standpoint there's a lot to be said for generally rooting this kind of thing out and doing away with it, but given the direct association to vaults and banks and government (and probably military) systems and whatnot it's one situation where the blowback might genuinely cause enough bad press to require a summary firing or two as a token of reassurance to the type of old-world mindset in charge of this sort of thing. Maybe.
*shrug* that's a worst-case-scenario imagining what might happen, at least. I honestly have no idea. I just get strong "swim away!!" vibes from it, heh
It will enrage you to find out that some sites actually track the value, and if more than one character changes per keystroke, it'll reset the value. It's rare, but I have seen it.
Couldn't you do that with a bookmarklet, so it would just take one click?