Passwords pasted to clipboard?

Posted: Thu Feb 01, 2024 4:25 pm
by LinnitXa
MX23, Desktop pc

If it's true that apps have access to the clipboard, is it not unsafe to use a password manager which pastes the passwords to the clipboard first?

Re: Passwords pasted to clipboard?

Posted: Thu Feb 01, 2024 4:48 pm
by CharlesV
For most people, the automated clearing of the clipboard is enough.

However, any application that pastes to the clipboard can be spied upon, even with the "time out clipboard clear" that many password managers use. If there is something on your system that watches the clipboard and logs it, then there is an issue.

KeePassXC (and KeePass) use a special method when you set up Auto Type which can go around the clipboard and "key press" your password specifically into the window / field you're on. This is safer if you're worried about the clipboard - but it is not going to stop an application that is watching for key strokes.

https://github.com/keepassxreboot/keepa ... oType.adoc

Re: Passwords pasted to clipboard?

Posted: Thu Feb 01, 2024 5:15 pm
by LinnitXa
CharlesV wrote: Thu Feb 01, 2024 4:48 pm For most people, the automated clearing of the clipboard is enough.

However, any application that pastes to the clipboard can be spied upon, even with the "time out clipboard clear" that many password managers use. If there is something on your system that watches the clipboard and logs it, then there is an issue.

KeePassXC (and KeePass) use a special method when you set up Auto Type which can go around the clipboard and "key press" your password specifically into the window / field you're on. This is safer if you're worried about the clipboard - but it is not going to stop an application that is watching for key strokes.

https://github.com/keepassxreboot/keepa ... oType.adoc
Thanks,
I presume you mean it by-passes the clipboard and pastes directly to the site login "box"?

Re: Passwords pasted to clipboard?

Posted: Thu Feb 01, 2024 5:30 pm
by LinnitXa
mmm, just reading that github link you gave, yes it seems to say that. Could be the answer for me.
If there's a key-logger then it's game over I suppose. Are there ways to scan for such loggers?

On another angle - some say using a browser (e.g. Firefox) password manager is not good, but surely with a strong master password on an FDE drive should be ok, if no evil maid around?

Re: Passwords pasted to clipboard?

Posted: Thu Feb 01, 2024 5:36 pm
by CharlesV
I personally don't trust any 'online' password manager, preferring to stay with local encrypted versions. My personal rule is my browser can handle any password that I don't really care if someone gets in - Otherwise... nope. (and there aren't many that are yes either;-p )


Detection of a keylogger can be as simple as looking for them, or working at various techniques.

Two links for you on this one.
This is listing Ubuntu, but most of the same rules apply
https://askubuntu.com/questions/169887/ ... tem#169971

a more generic look :-)
https://duckduckgo.com/?q=linux+scan+fo ... 9-1&ia=web

Re: Passwords pasted to clipboard?

Posted: Thu Feb 01, 2024 8:12 pm
by davidy
If you are leery of your passwords being stolen with any one particular site the best thing to do is to change them on an irregular basis. I tried running clamav, with clamtk for a gui, on my laptop, but found it to be too top-heavy and the autoupdater was sketchy as well. IOW, the actual gui did not perform as I would have liked so I uninstalled it. For a very portable laptop one less resource-heavy process running in the background is a good thing. For a desktop pc with multiple users, I would definitely install it. A good AV that scans on a schedule is the best way to prevent keyloggers.

Re: Passwords pasted to clipboard?

Posted: Thu Feb 01, 2024 8:32 pm
by Charlie Brown
Though this is not what you asked, you can clear the clipboard whenever you like/remember or as soon as you complete the job. Install the tiny xsel package, then create keyboard shortcut(s) , say, I set Ctrl+Delete to

xsel -bc
(For all (primary, secondary, clipboard) it could also be xsel -psbc )
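
The timed clear that password managers do, built on the same xsel -bc command, as an added example that is not part of the original post. It clears only if the clipboard still holds what was copied, so a later copy is not wiped; it assumes an X11 session with xsel and sha256sum, and the CLIP_* variables and function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): clear the CLIPBOARD selection after a
# delay, but only if it still holds the value that was copied.
# Assumptions: X11 session, xsel and sha256sum installed. The CLIP_* variables
# are hypothetical hooks so the clipboard commands can be swapped out.

CLIP_READ=${CLIP_READ:-"xsel -bo"}    # print clipboard contents
CLIP_WRITE=${CLIP_WRITE:-"xsel -bi"}  # set clipboard from stdin
CLIP_CLEAR=${CLIP_CLEAR:-"xsel -bc"}  # clear clipboard (command from the post)

# Hash the clipboard so the plaintext is never held in a shell variable.
clip_digest() {
    $CLIP_READ 2>/dev/null | sha256sum | cut -d' ' -f1
}

# Clear only when the clipboard still matches the digest taken at copy time.
# Returns 0 if cleared, 1 if something else has been copied in the meantime.
clear_if_unchanged() {
    if [ "$(clip_digest)" = "$1" ]; then
        $CLIP_CLEAR
        return 0
    fi
    return 1
}

# copy_with_timeout SECONDS
# The secret is read from stdin rather than argv, so it does not appear
# in the process list.
copy_with_timeout() {
    delay=$1
    $CLIP_WRITE || return 1
    want=$(clip_digest)
    sleep "$delay"
    clear_if_unchanged "$want"
}

# Usage (constructed value):
#   printf '%s' 'example-secret' | copy_with_timeout 10
```

A clipboard manager that records history keeps its own copy of anything it saw, which this does not remove; that copy has to be cleared in the manager itself.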

Re: Passwords pasted to clipboard?

Posted: Fri Feb 16, 2024 8:58 am
by LinnitXa
Charlie Brown wrote: Thu Feb 01, 2024 8:32 pm Though this is not what you asked, you can clear the clipboard whenever you like/remember or as soon as you complete the job. Install the tiny xsel package, then create keyboard shortcut(s) , say, I set Ctrl+Delete to

xsel -bc
(For all (primary, secondary, clipboard) it could also be xsel -psbc )
I installed xsel, then opened terminal and entered sudo xsel -bc. I pressed ctrl+Delete but nothing happened. Or maybe I didn't get what you meant. Seems almost easier to click the paperclip on panel and "clear history".

Also I'm looking to try Keepassxc with Auto-type ......

Re: Passwords pasted to clipboard?

Posted: Fri Feb 16, 2024 11:34 am
by MXRobo
Self-generating stateless password managers like Spectre, LessPass, or MasterPassword probably don't use the clipboard to copy as they're self-generating; but there can be disadvantages such as if the website's "info" changes (maybe url), and no list of previous passwords or website info, etc.

Re: Passwords pasted to clipboard?

Posted: Fri Feb 16, 2024 12:07 pm
by Charlie Brown
Charlie Brown wrote: Thu Feb 01, 2024 8:32 pm... create keyboard shortcut(s) , say, I set Ctrl+Delete to ...
LinnitXa wrote: Fri Feb 16, 2024 8:58 am... pressed ctrl+Delete but nothing happened ...