It's easier to just hack the HTML IME. If pasting is blocked in JS, and the site has a (probably ancient) version of jQuery installed, just throw this in the console:
Lovely. I wish this were possible for some stupid mobile apps too, which tend to be extremely painful (triply so for ones that clear the password field as soon as I switch to 1Password to read the next five characters).
This extension can read and change all data on any website I visit. While I understand that this is necessary for it to work, am I alone in being very uncomfortable installing it for something so trivial (or, perhaps, at all)?
This is why I prefer userscripts instead of extensions for simple things like this. Usually, they can be achieved with a single or few lines of code; even though I am not a programmer (and certainly not a Javascript programmer) I can often write one with a little bit of research. No need to extend the attack surface with yet another extension for every little thing.
You might be able to inspect the code of an extension, but it is less straightforward and easy compared to a simple userscript. Plus, with a userscript, there is no risk of the extension author turning malicious and updating it with malware, even if it was clean at one point.
My rule of thumb is using userscripts to modify websites' behavior, and using extensions to modify the browser's behavior. (At least that is the case for Firefox 56: Firefox Quantum and Chrome limits extensions from modifying the browser much; often they are little more than glorified userscripts.)
router passwords taped to the back of the router is about as sophisticated as the “password management” gets for mine (or hand written on a random page of a 99 cent spiral notebook)
This is great, but not easy to get into a console on mobile. I always struggle with United Airline's wifi which prevents paste, and I always try to access from mobile.
You can use a bookmarklet. I don't have one for restoring paste, but I have ones for setting viewport width to desktop and it works really well (iOS Safari).