Windows 1Password browser copy security differs from standalone app

When you copy a password from the standalone app (at least in Windows):
1. after some time (which is configurable in the settings) the copied data is cleared from the clipboard
2. the copied data is prevented from appearing the Windows Clipboard manager (available by pressing Win+V)

However, when copying a password from the browser add-on, neither of these things are true. The password does appear in the clipboard manager, and is also never cleared from the clipboard itself.

Personally, I've avoided syncing my Windows accounts because I've never quite understood the security implications and it just seemed like a bad idea. However, if you do sync settings in Windows 10, I believe the clipboard manager is among the things which are synced. Having passwords on it is a potential security problem.

I think it would be a good idea to implement the same clipboard security measures already present in the standalone app to the browser add-ons.

Thanks.


1Password Version: 7.6.800
Extension Version: 1.25.5
OS Version: Windows 10
Sync Type: 1Password

Comments

  • ag_anaag_ana

    Team Member

    Hi @DrRZ!

    The last time we looked at this, the problem seemed to be that current browser APIs do not allow us to do this yet, but they might in the future. You can find some more details in this post from my colleague Kaitlyn.

  • DrRZDrRZ

    Hi,

    Before switching to 1Password I was using Lastpass, which existed only as a browser add-on. It definitely had the ability to clear the clipboard, so it seems this is possible. I can't recall if it prevented copied text from showing up in the clipboard manager, but I believe it didn't prevent that.

    In any case, now that you've got the add-on app integration working, perhaps the add-on can send a signal to the app that it copied something, and let the app handle the clearing of the clipboards?

    Thanks!

  • ag_michaelcag_michaelc

    Team Member

    That's certainly something we'd like to explore further, @DrRZ. We have no plans to stop iterating on and improving integration with the 1Password apps. :smile:

    ref: dev/core/core#159

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file