Paste would only be disallowed in the password verification field when setting a new password.
I can see the potential benefit of this, but it would affect people with secure, long passwords who normally copy and paste them from a password manager. KeePass allows key press emulation; most password managers (LastPass, 1Password, Enpass, Password Safe, Bitwarden) don’t.
I wouldn’t be very frustrated having to manually type in:
- It’d take a long time
- I’d probably make a mistake
- Forcing me to type it in makes me no more secure*
*I’m never going to remember it and it’ll always be stored in my password manager.
For people with short passwords, forcing them to type it in may increase accuracy first time, but I think if you’re going to go down that path then you should allow a user to override the paste prohibition with a suitable warning. If you don’t, then people who are sensible (and use a password manager) may decrease their security by choosing something easier to type and therefore less secure.
I think that if a user doesn’t appreciate the dangers of copy/paste then they shouldn’t be using encryption because they’ll lock themselves out of their files. They’re also the type of person who is likely not to use a password manager, will go on to forget their password and thereafter lock themselves out of their files.
It’s a no-win situation for AxCrypt.
The existing strict warnings are seemingly ignored by a minority of people and ultimately they only have themselves to blame when they lose access to their files. That’s not AxCrypt’s fault, it’s user ignorance and no amount of cotton wool can protect them from themselves.