> you might want to make the user actually type the same password twice, rather than let them copy/paste the first entry into the second field
Please no. I generate a password in bitwarden, save it, copy and paste twice. Don't do that. I really don't want to type a 24 character password with lower / upper letters and special characters. If you do that to me, I will leave your website and never come back.
I do agree -- it was just the only semi-reasonable argument I could think of. It probably made some amount of sense before password managers were really a common thing, and you wanted to be sure that users didn't typo a new password and lock themselves out of accounts.
It never makes sense. I know how to use dev tools to remove your no paste option, my mother doesn't. She will simply use Password1!. That's how you get weak passwords. Don't make it difficult using strong passwords.
Please no. I generate a password in bitwarden, save it, copy and paste twice. Don't do that. I really don't want to type a 24 character password with lower / upper letters and special characters. If you do that to me, I will leave your website and never come back.