[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: kdeconnect clipboard passwords security

On Thursday, October 18, 2018 5:13:11 PM CEST Thom Castermans wrote:
> Dear Chris,
> > Also there might be far superior solution to that password leaking issue
> > of
> > which I'm unaware of.
> Some password managers (at least Keepass, which I use) have a function
> to auto type the password. This means that they will send the sequence
> of key events as if you were typing the password yourself. Keepass
> even provides options to also type the username and other fields you
> want. This is convenient on web pages:
> <username><tab><password><enter> and you are logged in.

I myself use KeePassXC; I remember I noticed this functionality a long time 
ago. At the moment I hadn't had it work properly: I'll look into it again.
It seems it can be part of the right answer:
Not having Kdeconnect repeating everything you say to your phone;
and using a different channel that clipboard for passwords.

(Just because we don't necessarily read posts in "correct" order, I've been 
pointed out to two completely relevant upstream bugs, which I repeat here:


> The above avoids having the password in your clipboard at any time.
> Nevertheless I agree with you that it would be nice if the default
> behavior could be changed.
> Best,
> Thom

Reply to: