God I *hate* when apps don’t have properly marked fields. You can mark your fields as username/password/street address/phone number/etc and browsers will automatically be able to detect them. So they can suggest autofill for the respective fields. But *so many* sites just… _Refuse_ to properly mark their fields? I know autofill hijacking was a problem for a while. For instance, a malicious ad could have off-screen autofill fields. So your browser would autofill them and the ad would capture the data. It was super scummy, and is why browsers moved towards *prompting* for autofill instead of just doing it automatically. But this is no excuse for sites to break paste on their own fields. It adds nothing to security, and only encourages weak passwords.