Copy to clipboard - Avoid Clipboard History
Windows 10 has a new feature, "Clipboard History". It's off by default, but basically it lets you hit Win+V and see your clipboard history for your current session.
This is a really useful feature; however, it's inappropriate for passwords to be in there - especially if you have "Clear clipboard contents after x seconds".
I don't know if there's anything you can do about this at the moment, or if it's something you'll need to advocate for Microsoft to enhance.
I think it's important to think about now. By default it's currently off, but they might change it in the future, and people won't realise their passwords may be viewed just by pressing Win+V.
Obviously similar concerns for Sync across devices.
Comments
-
To my knowledge, @cpmcgrath, we can't do anything about this at present. We certainly hope there will be an API that will allow us to exclude anything coming from 1Password from clipboard history, but as yet there's nothing available that I'm aware of. It's definitely something we'd favor, though, and if Microsoft has any tricks up their sleeves, we'd be thrilled to work with them on it. :+1:
0 -
Hi,
the programmers of Keepass seem to have found a solution to it:
"https://keepass.info/news/n190109_2.41.html"
Regards Micha
0 -
I just reached out to our development team to confirm, @max1pw, but last I heard there is no official way to manage this just yet. That doesn't mean Keepass didn't figure out something that effectively prevents storage in clipboard history that works within their own system – we've designed some systems of our own to get around OS-level limitations where we could in the past and there may well be a similar option here. That said, these things are rarely perfect until we get something from the OS developer themselves designed to control the behavior of OS features, so our advice would likely remain the same regardless. If you want a guarantee that data copied from 1Password isn't stored in clipboard history, it's best to keep this feature off until some official tools are released that allow us to guarantee such data is excluded.
0 -
@max1pw the feature that KeePass has introduced is a tagged clear command. If Windows is quick, then it'll still be copied to the cloud clipboard.
Microsoft need to introduce proper functionality allowing apps to selectively disable their content from being copied to the clipboard. Expert users will never want to be logged into Windows with a Microsoft account anyway.
Don't rely on release notes to tell you the whole story - disable the option in Windows yourself to be safe. :)
This is how KeePass does it.
    public static void Clear()
    {
        if(!g_csClearing.TryEnter()) { Debug.Assert(false); return; }

        // Replace the clipboard contents with placeholder text first
        try { Copy("--", false, false, null, null, IntPtr.Zero); }
        catch(Exception) { Debug.Assert(false); }

        bool bNativeSuccess = false;
        try
        {
            if(!NativeLib.IsUnix()) // Windows
            {
                if(OpenW(IntPtr.Zero, true)) // Clears the clipboard
                {
                    CloseW();
                    bNativeSuccess = true;
                }
            }
            else if(NativeLib.GetPlatformID() == PlatformID.MacOSX)
            {
                SetStringM(string.Empty);
                bNativeSuccess = true;
            }
            else if(NativeLib.IsUnix())
            {
                SetStringU(string.Empty);
                bNativeSuccess = true;
            }
        }
        catch(Exception) { Debug.Assert(false); }

        g_pbDataHash = null;
        g_csClearing.Exit();

        if(bNativeSuccess) return;

        Debug.Assert(false);
        try { Clipboard.Clear(); } // Fallback; empty data object
        catch(Exception) { Debug.Assert(false); }
    }

    public static void ClearIfOwner()
    {
        // Owner-handle check; commented out (the excerpt had lost the
        // opening comment marker)
        /*
        try
        {
            if(!NativeLib.IsUnix())
            {
                IntPtr h = NativeMethods.GetClipboardOwner();
                if(h != IntPtr.Zero)
                {
                    MainForm mf = Program.MainForm;
                    if(((mf != null) && (h == mf.Handle)) ||
                        GlobalWindowManager.HasWindow(h))
                        bOwnHandle = true;
                }
            }
        }
        catch(Exception) { Debug.Assert(false); } */

        // Clear only if the clipboard still holds the data whose hash
        // was stored in g_pbDataHash
        if(g_pbDataHash == null) return;

        byte[] pbCur = ComputeHash();
        if((pbCur == null) || !MemUtil.ArraysEqual(pbCur, g_pbDataHash))
            return;

        Clear();
    }

    private static byte[] HashString(string str)
    {
        try
        {
            if(string.IsNullOrEmpty(str)) return null;

            byte[] pb = StrUtil.Utf8.GetBytes(str);
            return CryptoUtil.HashSha256(pb);
        }
        catch(Exception) { Debug.Assert(false); }

        return null;
    }

    // SHA-256 hash of the current clipboard text (null if empty)
    public static byte[] ComputeHash()
    {
        try { return HashString(GetText()); }
        catch(Exception) { Debug.Assert(false); }

        return null;
    }

    public static bool ContainsText()
    {
        if(NativeLib.IsUnix()) return true;
        return Clipboard.ContainsText();
    }

    public static bool ContainsData(string strFormat)
    {
        if(string.IsNullOrEmpty(strFormat)) { Debug.Assert(false); return false; }

        if(strFormat.Equals(DataFormats.UnicodeText, StrUtil.CaseIgnoreCmp) ||
            strFormat.Equals(DataFormats.Text, StrUtil.CaseIgnoreCmp) ||
            strFormat.Equals(DataFormats.OemText, StrUtil.CaseIgnoreCmp))
            return ContainsText();

        string strData = GetText();
        if(string.IsNullOrEmpty(strData)) return false;

        return StrUtil.IsDataUri(strData, StrUtil.GetCustomMediaType(strFormat));
    }

    public static string GetText()
    {
        if(!NativeLib.IsUnix()) // Windows
            return Clipboard.GetText();
        if(NativeLib.GetPlatformID() == PlatformID.MacOSX)
            return GetStringM();
        if(NativeLib.IsUnix())
            return GetStringU();

        Debug.Assert(false);
        return Clipboard.GetText();
    }

    public static byte[] GetData(string strFormat)
    {
        try
        {
            string str = GetText();
            if(string.IsNullOrEmpty(str)) return null;

            string strMedia = StrUtil.GetCustomMediaType(strFormat);
            if(!StrUtil.IsDataUri(str, strMedia)) return null;

            return StrUtil.DataUriToData(str);
        }
        catch(Exception) { Debug.Assert(false); }

        return null;
    }
    } // closes the enclosing class (opening line not part of the excerpt)
    } // closes the enclosing namespace (opening line not part of the excerpt)
0 -
I think the response of, "We want to use official methods to do this, and there currently is none" is acceptable.
However, it would be great to see 1password being loud advocates to get Microsoft to implement such functionality. There are many people with influence who are very responsive to feedback. I would recommend trying to detect if clipboard history is on, and warning users about it in the meantime.
0 -
I think Microsoft has bigger issues right now. They have been struggling to put out a stable, working OS.
0 -
Indeed, and we're also hesitant to offer a security feature unless we can verify that it works consistently for everyone. There aren't proven, officially-supported APIs we can rely on at this time, but it's something we'll continue to advocate for. I know that being loud is popular on the internet, but we've found that being reasonable is more effective in the long run. Better to have a good relationship with the platform owner, since I'm sure it isn't the last thing we'll be requesting. ;)
0 -
-
I suspect they'll get around to it eventually. Here's hoping. :)
0
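
The thread's advice to keep Clipboard History off, and the suggestion to detect whether it is on, can be checked per user from PowerShell. This is an added example, not part of any post and not 1Password or KeePass code. The function name is hypothetical, and it assumes the Windows 10 (1809 and later) registry values `EnableClipboardHistory` and `EnableCloudClipboard` under the user's `Clipboard` key and the `AllowClipboardHistory` and `AllowCrossDeviceClipboard` policy values.

```powershell
# Added example: report whether Clipboard History (Win+V) and cross-device
# clipboard sync are enabled for the current user. Names are hypothetical.
function Get-ClipboardHistoryState {
    [CmdletBinding()]
    param()

    $userKey   = 'HKCU:\Software\Microsoft\Clipboard'
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'

    # Return a DWORD value, or $null when the key or the value is absent.
    function Read-Dword([string]$Path, [string]$Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return [int]$item.$Name }
        return $null
    }

    $userHistory = Read-Dword $userKey   'EnableClipboardHistory'
    $userSync    = Read-Dword $userKey   'EnableCloudClipboard'
    $polHistory  = Read-Dword $policyKey 'AllowClipboardHistory'
    $polSync     = Read-Dword $policyKey 'AllowCrossDeviceClipboard'

    # The user setting must be 1 (absent means the default, off), and a
    # policy value of 0 overrides it; an absent policy imposes nothing.
    [pscustomobject]@{
        HistoryEnabled   = ($userHistory -eq 1) -and ($polHistory -ne 0)
        SyncEnabled      = ($userSync -eq 1)    -and ($polSync -ne 0)
        HistoryPolicySet = $null -ne $polHistory
        SyncPolicySet    = $null -ne $polSync
    }
}

$state = Get-ClipboardHistoryState
if ($state.HistoryEnabled -or $state.SyncEnabled) {
    Write-Warning ('Clipboard History or sync is enabled: copied passwords ' +
                   'may stay visible via Win+V or leave this device.')
}
$state
```

Setting the two policy values to 0 through Group Policy enforces the "keep this feature off" advice for every user on the machine.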