There are also Chrome extensions that will attempt to remove any such restrictions automatically, like https://chrome.google.com/webstore/detail/dont-fuck-with-pas...

Looks like it's also available for Firefox https://addons.mozilla.org/en-US/firefox/addon/don-t-fuck-wi...

Lovely. I wish this were possible for some stupid mobile apps too, which tend to be extremely painful (triply so for ones that clear the password field as soon as I switch to 1Password to read the next five characters).

This extension can read and change all data on any website I visit. While I understand that this is necessary for it to work, am I alone in being very uncomfortable installing it for something so trivial (or, perhaps, at all)?

This is why I prefer userscripts instead of extensions for simple things like this. Usually, they can be achieved with a single or few lines of code; even though I am not a programmer (and certainly not a Javascript programmer) I can often write one with a little bit of research. No need to extend the attack surface with yet another extension for every little thing.

You might be able to inspect the code of an extension, but it is less straightforward and easy compared to a simple userscript. Plus, with a userscript, there is no risk of the extension author turning malicious and updating it with malware, even if it was clean at one point.

My rule of thumb is using userscripts to modify websites' behavior, and using extensions to modify the browser's behavior. (At least that is the case for Firefox 56: Firefox Quantum and Chrome limits extensions from modifying the browser much; often they are little more than glorified userscripts.)

Maybe. But then again, this is the only available permission.

Sadly doesn't work with one of my banks (it detects the ctrl key on keydown)

Try Shift-Ins instead. It also performs pasting, but fewer people seem to be aware of it.

Trivia: Shift-Ins actually predates Ctrl-V :-)

In Firefox you can disable this stuff by setting dom.event.clipboardevents.enabled to false.

This will also break stuff like pasting an image via Ctrl-V if it's in your clipboard buffer, though. Be warned.

Or inspect element, then

   $0.value = 'hunter2'

We're talking about the general public! Can you imagine the phone conversation I would have with my dad about this? It would end in WW3.

router passwords taped to the back of the router is about as sophisticated as the “password management” gets for mine (or hand written on a random page of a 99 cent spiral notebook)

This is awesome and I can't believe it's the first it's ever crossed my mind. Good stuff.

This is great, but not easy to get into a console on mobile. I always struggle with United Airline's wifi which prevents paste, and I always try to access from mobile.

You can use a bookmarklet. I don't have one for restoring paste, but I have ones for setting viewport width to desktop and it works really well (iOS Safari).