It's difficult to fathom where this pattern of disabling paste came from or what possible security issue it's supposed to address. Using some JavaScript on the page to prevent users from pasting into a password field is insane and potentially harmful for security.

A user with a password manager app will have a long, impossible-to-remember password that has to be pasted into the field (especially on mobile, where it's more tricky to autofill the field).

It's a good general rule across the board to not interfere with standard system behaviors (copy, paste, find, zoom, right-click, and so on), as they are all basic interactions that the user will have grown accustomed to over years of ...