I will claim that this restriction does NOT improve security. In fact, it will make it worse and will lead to
- User temporarily change the password to a simpler/shorter string to type.
- and will cause user endless frustration (imagining having to type blindly 64 random characters that just echoing '*****'. If user makes a mistake, how does s/he figure out which is the bad characters?)
The NIST Digital Identity guideline called this out
Verifiers SHOULD permit claimants to use “paste” functionality when entering a memorized
secret. This facilitates the use of password managers, which are widely used and in many cases
increase the likelihood that users will choose stronger memorized secrets.
I've put up with it for a few years now but I can't anymore. This year wealthfront requires an auto-generated app-only password that is 32 characters long and I just can't type all that without making mistakes.
