MX23, Desktop pc
If it's true that apps have access to the clipboard, is it not unsafe to use a password manager which pastes the passwords to the clipboard first?
Passwords pasted to clipboard? [Solved]
Re: Passwords pasted to clipboard?
For most people, the automated clearing of the clipboard is enough.
However, any application that pastes to the clipboard can be spied upon, even with the "time out clipboard clear" that many password managers use. It there is something on your system that watches the clipboard and logs it, then there is an issue.
KeepassXC (and keepass ) use a special method when you setup Auto Type which can go around the clipboard and "key press" your password specifically into the window / field your on. This is safer if your worried about the clipboard - but it is not going to stop an application that is watching for key strokes.
https://github.com/keepassxreboot/keepa ... oType.adoc
However, any application that pastes to the clipboard can be spied upon, even with the "time out clipboard clear" that many password managers use. It there is something on your system that watches the clipboard and logs it, then there is an issue.
KeepassXC (and keepass ) use a special method when you setup Auto Type which can go around the clipboard and "key press" your password specifically into the window / field your on. This is safer if your worried about the clipboard - but it is not going to stop an application that is watching for key strokes.
https://github.com/keepassxreboot/keepa ... oType.adoc
*QSI = Quick System Info from menu (Copy for Forum)
*MXPI = MX Package Installer
*Please check the solved checkbox on the post that solved it.
*Linux -This is the way!
*MXPI = MX Package Installer
*Please check the solved checkbox on the post that solved it.
*Linux -This is the way!
Re: Passwords pasted to clipboard?
Thanks,CharlesV wrote: Thu Feb 01, 2024 4:48 pm For most people, the automated clearing of the clipboard is enough.
However, any application that pastes to the clipboard can be spied upon, even with the "time out clipboard clear" that many password managers use. It there is something on your system that watches the clipboard and logs it, then there is an issue.
KeepassXC (and keepass ) use a special method when you setup Auto Type which can go around the clipboard and "key press" your password specifically into the window / field your on. This is safer if your worried about the clipboard - but it is not going to stop an application that is watching for key strokes.
https://github.com/keepassxreboot/keepa ... oType.adoc
I presume you mean it by-passes the clipboard and pastes directly to the site login "box"?
Re: Passwords pasted to clipboard?
mmm, just reading that github link you gave, yes it seems to say that. Could be the answer for me.
If there's a key-logger then it's game over I suppose. Are there ways to scan for such loggers?
On another angle - some say using a browser (e. g. Firefox) password manager is not good, but surely with a strong master password on a fde drive should be ok, if no evil maid around?
If there's a key-logger then it's game over I suppose. Are there ways to scan for such loggers?
On another angle - some say using a browser (e. g. Firefox) password manager is not good, but surely with a strong master password on a fde drive should be ok, if no evil maid around?
Re: Passwords pasted to clipboard?
I personally dont trust any 'online' password manager, preferring to stay with local encrypted versions. My personal rule is my browser can handle any password that I dont really care if someone gets in - Otherwise... nope. (and there arent many that are yes either;-p )
Detection of a keylogger can be as simple as looking for them, or working at various techniques.
two links for you on this on
This is listing ubuntu, but most of the same rules apply
https://askubuntu.com/questions/169887/ ... tem#169971
a more generic look :-)
https://duckduckgo.com/?q=linux+scan+fo ... 9-1&ia=web
Detection of a keylogger can be as simple as looking for them, or working at various techniques.
two links for you on this on
This is listing ubuntu, but most of the same rules apply
https://askubuntu.com/questions/169887/ ... tem#169971
a more generic look :-)
https://duckduckgo.com/?q=linux+scan+fo ... 9-1&ia=web
*QSI = Quick System Info from menu (Copy for Forum)
*MXPI = MX Package Installer
*Please check the solved checkbox on the post that solved it.
*Linux -This is the way!
*MXPI = MX Package Installer
*Please check the solved checkbox on the post that solved it.
*Linux -This is the way!
Re: Passwords pasted to clipboard?
I you are leery of your passwords being stolen with any one particular site the best thing to do is to change them on an irregular basis. I tried running clamav, with clamtk for a gui, on my laptop, but found it to be too topheavy and the autoupdater was sketchy as well. IOW, the actual gui did not perform as I would have liked so I uninstalled it. For a very portable laptop one less resource-heavy process running in the background is a good thing. For a desktop pc with multiple users, I would definitely install it. A good AV that scans on a schedule is the best way to prevent keyloggers.
Sys76 LemurPro-mx-23.4, EliteMinis HM90-mx-21.3, Deskmini UM350-phoenixLite win10, Qnap 12tb nas, Protectli FW4C-opnsense(=゜ω゜)
zero privacy = zero security . All MX'd Up
UAP = up above people
zero privacy = zero security . All MX'd Up
UAP = up above people
-
Charlie Brown
Re: Passwords pasted to clipboard?
Though this is not what you asked, you can clear the clipboard whenever you like/remember or as soon as you complete the job. Install the tiny xsel package, then create keyboard shortcut(s) , say, I set Ctrl+Delete to
(For all (primary, secondary, clipboard) it could also be xsel -psbc )
Code: Select all
xsel -bcRe: Passwords pasted to clipboard?
I installed xsel, then opened terminal and entered sudo xsel -bc. I pressed ctrl+Delete but nothing happened. Or maybe I didn't get what you meant. Seems almost easier to click the paperclip on panel and "clear history".Charlie Brown wrote: Thu Feb 01, 2024 8:32 pm Though this is not what you asked, you can clear the clipboard whenever you like/remember or as soon as you complete the job. Install the tiny xsel package, then create keyboard shortcut(s) , say, I set Ctrl+Delete to
(For all (primary, secondary, clipboard) it could also be xsel -psbc )Code: Select all
xsel -bc
Also I'm looking to try Keepassxc with Auto-type ......
Re: Passwords pasted to clipboard?
Self-generating stateless password managers like Spectre, LessPass, or MasterPassword probably don't use the clipboard to copy as they're self-generating; but there can be disadvantages such as if the website's "info" changes (maybe url), and no list of previous passwords or website info, etc.
-
Charlie Brown
Re: Passwords pasted to clipboard?
Charlie Brown wrote: Thu Feb 01, 2024 8:32 pm... create keyboard shortcut(s) , say, I set Ctrl+Delete to ...
You do not have the required permissions to view the files attached to this post.