I feel the same way. A bandaid for the situation: you can use browser extensions/add-ons to restore paste functionality on these web pages. For example, I use this one:
Also their cousin; those that allow programmatic entry/pasting, but then detect whether the user has provided a value based on keystroke listeners rather than current field value. So you still need to hit space+backspace in the field to let the client JS know you've entered something.
The scary cousin of this antipattern: the login form that browsers' built-in password managers can't see. Building the DOM using pathologically dynamic methods, using nonstandard input fields, giving the username/password fields ridiculous names, etc.
This tells me that the developers don't use password managers themselves, which means they probably use hunter2 for all their passwords, which means they don't know or care about conscientious security practices... not the folks I want to have built the site I'm about to use.
Agreed, I always double check that the browser password manager works, but it's tricky because there is no standard around what the fields should be called to make it always work. The best way to make sure it works is to put the username directly above the password in the same form, that will result in most password managers working, and this is especially important on registration forms.
On macOS I use https://github.com/EugeneDae/Force-Paste to get around this. It uses virtual keyboard to type in the text from your clipboard. Also helpful for using the password in programs that don't allow paste.
The GNOME DE does this as well. Whenever I have a fresh Linux install and I try to enter the passwords in the "Online Accounts" section I'm reminded of it... so frustrating.
Generally speaking, that's one of the best ways to get me to not use your site - It's both inconvenient and shows your security team to be incompetent.
Its common in the US, i see it every couple weeks. It effected me last night on the Costco Travel site when creating an account. It let me paste the password but not the confirm password field.
I’ve seen it when entering in my bank’s routing and account number. Like, seriously? I’m less likely to type a digit incorrectly if I copy and paste...