“The Cobra Effect” and the prohibition on password pasting

“The Cobra Effect” and the prohibition on password pasting

The cobra effect is an idiomatic expression which describes a situation when proposed problem solution makes things even worse. That’s why we say: “We wanted the best, you know the rest”. Some websites introduce doubtful security measures which eventually lead to the cobra effect. In this article, we will tell you why a prohibition on password pasting rather than increasing the website security, has led to the opposite effect.

Back when India was a colony of the British Empire, British colonists faced a problem – cobras, which were teeming the subcontinent. These reptiles were the most common cause of death among colonists. So the British government issued a decree which stated that local Indians could get a reward for each killed cobra.

At first glance, this idea is brilliant, but it led to the opposite effect. The enterprising Indians realized that it was great opportunity to get some money. Instead of exterminating the serpents the locals began to breed them and receive money from local authorities. When rumors about the actual state of affairs came to the government, a decree was abolished. The only thing locals could do with their cobras is just to set them free.

Naturally, the number of victims has increased significantly. Thus, nowadays we call the situation the Cobra Effect when the problem solution makes the problem even worse.

The prohibition on password pasting

In today’s world, the prohibition on password pasting into a login form not only failed its security mission but lead to the Cobra effect.

Prohibition on password pasting becomes a sort of trend. The website owners explain this policy that fraudsters can copy stolen passwords and paste them into a login form. For example, on the GE Capital website the copy pasted password just disappears at once. This website doesn`t provide any explanation for such an action.

password copy paste

PayPal has a different approach which in general seems quite logical. When you log in the website, the system doesn`t require manual password entry: you can paste it through a password manager. But the change of user`s password requires manual input. It makes sense, but still, there is no information about such website policy.  

password copy paste

Why isn’t it working?

password generatorThe prohibition on password pasting is realized thanks to onpaste event, created for Internet Explorer. What’s more interesting is that onpaste event works not only for Internet Explorer but for Chrome, Safari and Firefox as well.

This protection method is absurd, writes Troy Hunt, a Microsoft Regional Director, and security expert. The best password is the one you can’t remember. To protect yourselves and your data, you have to use password generator (to learn more read our blog post “9 online tools to generate reliable passwords). The idea of the tool is that it creates the random letters-numbers-symbols password and remembers it. So you have no need to remember different passwords for all websites which you use. The master password (for your password manager) is the only thing you need to know.

last pass password generator

If the website prohibits password pasting, you won’t be able to use your password manager. Entering such generated passwords as p&Dt}29-LTqp%MJ becomes a real problem. That`s why users simplify their passwords in order not to spend time entering it manually. That`s why the level of security is greatly reduced and the probability of hacking increases dramatically.


Network security is a relative concept. Let’s be frank: the one who has serious intention to steal your data or passwords will do it. Not to mention the security services, who can access virtually any data. Still, we recommend you to stick to simple tips that will help you to protect your data from fraudsters. Use a password manager (for example, KeePass or LastPass) and for heaven’s sake, stop using your children or pet`s names as passwords. Unfortunately, such crappy masterpieces as qwerty or 12345 are still in the lead. Have a look at the other most stupid passwords. Don’t repeat the errors of careless users!



About author

You might also like

Building Your Website 0 Comments

Web Hosting For Your Blog: 3 Questions

Choosing web hosting for your blog can be a confusing thing, especially if you’re new to the blogging world. Surely, you Googled a lot and still can’t decide where to

Tips&Tricks 0 Comments

Google makes people think they are smarter than they really are

Browsing the Internet for information gives people a false impression of their own level of intelligence. Search engines as Google or Yahoo make people think that they are smarter than

IT News 0 Comments

Google indexes HTTPS pages by default

Website security has become very topical recently. Many owners of web resources started to use a secure HTTPS connection because of the hacker attacks, but still there are a lot