If your workflow counts on users copying and pasting things (like security tokens from text messages) read this:

Please for fuck sake trim the damn whitespace before you validate. I can't see the fucking space client-side, and you fucking know I didn't mean to enter <SPACE>123456 as my auth code.

Double click, copy, paste, click, curse <-- Story of my life because somebody forgot a damn .replace statement.