by machrider 5056 days ago
Apple does this, too. Not just on password change forms, but on login forms. Drives me nuts, as I use a password manager and my passwords are 24 characters of garbage.

Edit: Apparently I can't reply to the next comment, but KeePassX also has the feature that passwords are cleared from the clipboard after 30 seconds.

2 comments

Clearly, having your password on the clipboard is a security issue. Storing your password in plain text, however, isn't.

Gotta love half-assed security measures. :)

I ran into this same problem. Had to use the Chrome Web Inspector to get around it. I believe it's a part of PCI compliance, but plenty of sites accept credit cards without that nonsense so I'm not sure. GetGamesGo.com does the same thing.

Please, in the future, whenever talking about PCI compliance, cite chapter and verse. There's more than enough wild speculation running around about it; all sorts of myths are repeated and propagated.

I asked a GetGamesGo employee about the pasting issue and that is what he told me. Let me get the full quote:

  "Cut/paste passwords – that’s a stipulation of PCI compliance. We could scrap it, but they ask for it. We have to be PCI compliant on card processing."

I provided as much information as I had available; I do not know the chapter/verse. Apologies if I spread any misinformation; I took this rep at his word.

I have spent a fair bit of time reading the PCI standards and I have never seen such a requirement. I suppose it is possible that some sort of independent auditor is making that call but it isn't in the standard anywhere I can see. (Auditors seem to have a huge amount of discretion here.)