[Cryptography] Order of username and password entry
Kent Borg
kentborg at borg.org
Thu Apr 8 12:52:56 EDT 2021
On 4/6/21 12:15 AM, Robin Wood wrote:
> I use Keepass which uses the clipboard but clears it after a few
> seconds so the password isn't left in there, I assume other password
> managers would offer a similar service.
What about on Linux? Don't forget the X11 clipboard. (For newcomers: The
current text selection can be pasted with a middle-click. No copy
operation, just select here and middle click there. Which maybe makes
capturing that non-event harder.)
This middle-click paste is a pretty simple (though obscure) feature, yet
a potential security risk. Makes the prospect of password safes doing
automated interaction with web browsers sobering.
-kb
More information about the cryptography
mailing list