You should change your password manager's clipboard settings now

Gandalf_The_Grey

Apr 24, 2016
PSA: Password managers are probably the safest way to establish and manage secure passwords, but they aren't bulletproof. One security setting in particular is perhaps a bit too lax in some managers, which could give attackers a way to grab users' passwords in certain situations.

If you use a password manager, you should definitely check the setting that controls how quickly it clears copied text from the clipboard as grabbing information from this location is a common tactic of malicious actors.

Some password managers like Bitwarden and Keeper never clear the clipboard on their default settings. That means that once you use a password with either of those managers, your username and password sit in the clipboard indefinitely, accessible to any other application on your system. PCWorld writes that using cloud clipboards could let other apps access that information even if users don't paste the text.

The setting to make your password manager clear the clipboard after a set amount of time is found under Settings in Keeper and NordPass and Settings > Options in Bitwarden. You can find it in each manager's desktop app, mobile app, or browser extension. NordPass defaults to 30 seconds, and it would be prudent for other password manager developers to change their defaults to something similar.

Two password managers have suffered attacks over the last few months including LastPass, which was hit in December. The company initially said it wasn't cause for alarm among ordinary users, but later that month it revealed the attackers had accessed usernames and encrypted passwords. It would take a determined hacker to unencrypt the passwords, but it's not impossible. LastPass users should at least change their passwords and possibly consider another password manager.

Earlier this month, Norton Password Manager withstood a less serious but still concerning attack. Someone used a credential stuffing attack to make mass login attempts using a collection of usernames and passwords stolen in other data breaches. Unlike the LastPass incident, no one breached operator Gen Digital's (formerly Symantec and NortonLifeLock) internal systems, and anyone who uses two-factor authentication should be safe.

While changing your password manager's clipboard setting, it's also good to take a tour of the other security settings. They let users control things like login methods, how often the manager locks itself, how it handles authenticator keys, and other important features.
 

Zero Knowledge

Dec 2, 2016
If someone pwns your computer and has malware on it, then it's too late. Clearing the clipboard/not saving copied info to clippy is not going to save you.

But there was this guy on Wilders, and he developed a clipboard clearing program that sat in system tray and cleared the clippy at regular intervals, it was about 80kbs and did the job well. Sven Flaw(sp) was his username or something similar.
 

HarborFront

Oct 9, 2016
It's called ClipWipe, here


Name changed to ClipTTL

Can download from here


ClipTTL CLEARS the clipboard with the time you set. But it does NOT clear the clipboard history. So not so useful.

:(
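
Added example, not part of the thread and not the code of ClipTTL or any password manager: a sketch of the timed clipboard clear discussed above, using the 30-second value the article gives for NordPass. The `MemoryClipboard` backend, the class names and the sample secrets are assumptions constructed for illustration; a real tool would plug in the OS clipboard API instead.

```python
import hashlib
import hmac
import time


class MemoryClipboard:
    """Constructed in-memory stand-in for the OS clipboard (assumption)."""

    def __init__(self):
        self.text = ""

    def get(self):
        return self.text

    def set(self, text):
        self.text = text


class ClipboardTTL:
    """Copy a secret, then clear it after ttl seconds if it is still there."""

    def __init__(self, clipboard, ttl=30.0, clock=time.monotonic):
        self.clipboard = clipboard
        self.ttl = ttl
        self.clock = clock
        self._digest = None    # hash of what we placed, never the secret itself
        self._deadline = None

    def copy_secret(self, secret):
        self.clipboard.set(secret)
        self._digest = hashlib.sha256(secret.encode()).digest()
        self._deadline = self.clock() + self.ttl

    def tick(self):
        """Call periodically; returns 'idle', 'pending', 'cleared' or 'replaced'."""
        if self._deadline is None:
            return "idle"
        if self.clock() < self._deadline:
            return "pending"
        current = hashlib.sha256(self.clipboard.get().encode()).digest()
        still_ours = hmac.compare_digest(current, self._digest)
        if still_ours:
            # Only wipe our own secret; leave anything the user copied since.
            # This empties the live clipboard only, not a clipboard history.
            self.clipboard.set("")
        self._digest = self._deadline = None
        return "cleared" if still_ours else "replaced"
```

As noted in the last post, emptying the current clipboard does nothing about entries a clipboard history has already captured.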
 