I’ve never come across this, but I can guarantee that if your site prevents me from pasting my (16-character random) password on login, I’m not using your site!
It is a mystery where SPP came from. No one has pointed to a paper, a rule, an RFC (a technical standards document to plan how the Internet should work) or anything else that started it off. If you know of one, let us know using the comments form below. We believe it’s one of those ‘best practice’ ideas that has a common sense instant appeal that may have made sense once. Considering the bigger picture today, it really doesn’t make sense.