I have worked in IT security for years. The only shred of truth to blocking copy/paste of passwords is the possibility that someone would leave a password in their clipboard for an extended period of time to be harvested later by malware. But that risk is slight, and password managers, not applications, have the responsibility to reduce this to a manageable risk.
Financial passwords should be long and complex, filled with random characters of all types (including obscure punctuation marks and characters that you can't even type on a keyboard) and then placed into a secure password manager. From there it can be copied into password prompts and clipboard cleared in seconds.
By hanging on to security urban legend thinking, Turbotax is encouraging people to simplify their passwords, make them shorter, and less complex to make it easier to type in. That is the opposite of good security. That is nothing but security theatre that is counterproductive.
