This has the added benefit of disabling local password managers like PasswordSafe. Might as well throw in some stupid password policy (like maximum password length, or banning some special characters but not explaining which) to make sure stubborn users won't use a secure password even if they're willing to type it in every time.

As an fyi, you can disable the onpaste event in the dev console. Obviously doesn't fix the actual problem but at least helps retyping your email...