Windows 1Password browser copy security differs from standalone app

When you copy a password from the standalone app (at least in Windows):
1. after some time (which is configurable in the settings) the copied data is cleared from the clipboard
2. the copied data is prevented from appearing in the Windows Clipboard manager (available by pressing Win+V)

However, when copying a password from the browser add-on, neither of these things is true. The password does appear in the clipboard manager, and is also never cleared from the clipboard itself.

Personally, I've avoided syncing my Windows accounts because I've never quite understood the security implications and it just seemed like a bad idea. However, if you do sync settings in Windows 10, I believe the clipboard manager is among the things which are synced. Having passwords on it is a potential security problem.

I think it would be a good idea to implement the same clipboard security measures already present in the standalone app to the browser add-ons.

Thanks.


1Password Version: 7.6.800
Extension Version: 1.25.5
OS Version: Windows 10
Sync Type: 1Password
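
The two behaviours the post describes for the standalone app, written against the Win32 clipboard API as an added example (not 1Password's code and not posted by anyone in this thread). The three format names are the ones Windows documents for opting out of clipboard history and cloud sync; the class name `SecretClipboard`, the sample value and the 30-second timeout are assumptions.

```powershell
# Added example, Windows only: copy a secret, keep it out of Win+V history
# and cloud sync, then clear it after a timeout if nothing else was copied.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class SecretClipboard {   // hypothetical helper name
    [DllImport("user32.dll")] static extern bool OpenClipboard(IntPtr hWnd);
    [DllImport("user32.dll")] static extern bool EmptyClipboard();
    [DllImport("user32.dll")] static extern bool CloseClipboard();
    [DllImport("user32.dll")] static extern IntPtr SetClipboardData(uint format, IntPtr hMem);
    [DllImport("user32.dll", CharSet = CharSet.Unicode)]
    static extern uint RegisterClipboardFormat(string name);
    [DllImport("user32.dll")] static extern uint GetClipboardSequenceNumber();
    [DllImport("kernel32.dll")] static extern IntPtr GlobalAlloc(uint flags, UIntPtr size);
    [DllImport("kernel32.dll")] static extern IntPtr GlobalLock(IntPtr hMem);
    [DllImport("kernel32.dll")] static extern bool GlobalUnlock(IntPtr hMem);

    static void Put(uint format, byte[] data) {
        IntPtr h = GlobalAlloc(0x0002 /* GMEM_MOVEABLE */, (UIntPtr)(uint)data.Length);
        Marshal.Copy(data, 0, GlobalLock(h), data.Length);
        GlobalUnlock(h);
        SetClipboardData(format, h);   // the system owns the memory from here on
    }

    // Places the text on the clipboard and returns the sequence number afterwards.
    public static uint Copy(string text) {
        if (!OpenClipboard(IntPtr.Zero)) throw new InvalidOperationException("clipboard is busy");
        try {
            EmptyClipboard();
            Put(13 /* CF_UNICODETEXT */, System.Text.Encoding.Unicode.GetBytes(text + "\0"));
            byte[] zero = BitConverter.GetBytes(0);   // serialized DWORD 0
            Put(RegisterClipboardFormat("ExcludeClipboardContentFromMonitorProcessing"), zero);
            Put(RegisterClipboardFormat("CanIncludeInClipboardHistory"), zero);
            Put(RegisterClipboardFormat("CanUploadToCloudClipboard"), zero);
        } finally { CloseClipboard(); }
        return GetClipboardSequenceNumber();
    }

    // Empties the clipboard only if nothing has been copied since Copy() returned.
    public static bool ClearIfUnchanged(uint sequence) {
        if (GetClipboardSequenceNumber() != sequence || !OpenClipboard(IntPtr.Zero)) return false;
        try { EmptyClipboard(); } finally { CloseClipboard(); }
        return true;
    }
}
'@

$seq = [SecretClipboard]::Copy('constructed-sample-password')  # constructed value
Start-Sleep -Seconds 30            # stand-in for the app's configurable timeout
[SecretClipboard]::ClearIfUnchanged($seq)   # False if the user copied something else meanwhile
```

After `Copy` returns, the entry should be absent from the Win+V panel; comparing the sequence number before clearing keeps the timer from wiping something the user copied later.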

Comments

  • ag_ana
    1Password Alumni

    Hi @DrRZ!

    The last time we looked at this, the problem seemed to be that current browser APIs do not allow us to do this yet, but they might in the future. You can find some more details in this post from my colleague Kaitlyn.

  • DrRZ
    Community Member

    Hi,

    Before switching to 1Password I was using LastPass, which existed only as a browser add-on. It definitely had the ability to clear the clipboard, so it seems this is possible. I can't recall if it prevented copied text from showing up in the clipboard manager, but I believe it didn't prevent that.

    In any case, now that you've got the add-on app integration working, perhaps the add-on can send a signal to the app that it copied something, and let the app handle the clearing of the clipboards?

    Thanks!

  • That's certainly something we'd like to explore further, @DrRZ. We have no plans to stop iterating on and improving integration with the 1Password apps. :smile:

    ref: dev/core/core#159

This discussion has been closed.