Re: kdeconnect clipboard passwords security
On Thursday, October 18, 2018 5:13:11 PM CEST Thom Castermans wrote:
> Dear Chris,
>
> > Also there might be far superior solution to that password leaking issue
> > of
> > which I'm unaware of.
>
> Some password managers (at least Keepass, which I use) have a function
> to auto type the password. This means that they will send the sequence
> of key events as if you were typing the password yourself. Keepass
> even provides options to also type the username and other fields you
> want. This is convenient on web pages:
> <username><tab><password><enter> and you are logged in.
I myself use KeePassXC; I remember I noticed this functionality a long time
ago. At the moment I hadn't had it work properly: I'll look into it again.
It seems it can be part of the right answer:
Not having Kdeconnect repeating everything you say to your phone;
and using a different channel that clipboard for passwords.
(Just because we don't necessarily read posts in "correct" order, I've been
pointed out to two completely relevant upstream bugs, which I repeat here:
https://bugs.kde.org/show_bug.cgi?id=386568
https://bugs.kde.org/show_bug.cgi?id=392164)
Thanks,
Chris
>
> The above avoids having the password in your clipboard at any time.
>
> Nevertheless I agree with you that it would be nice if the default
> behavior could be changed.
>
> Best,
> Thom
Reply to: