Clear clipboard should be ON by default (instead of the current default "never")

Clear clipboard option should be made “on” by default with an appropriate timeout duration.

Recently, when I set up Bitwarden on my new mobile (Android) device, I noticed that I was accidentally pasting the passwords I had copied earlier on some other websites or apps.
It took multiple instances of this accident to make me realise that the clipboard wasn’t being cleared automatically by Bitwarden, which I had thought was on by default.
I think this could possibly happen with any user who is setting up Bitwarden on a new device and may not instantly jump into all the settings that he/she might find necessary.

Therefore, as a solution to prevent any accidental leakage, I believe the “Clear clipboard” option should be left “ON” by default with maybe a 20 or 30 s timeout.
An alternative solution would be to prompt the user about the important toggles that they want to keep on/off at a startup screen on installation of Bitwarden on that device.

+1 here, security by default is the way to go!

If people want to disable something to be less secure, then sure, give the user a choice, but Signal does this by enabling E2EE by default for all communications.

Many users don’t ever change defaults, so considering a more secure option by default is a great idea. :smiley:

1 Like

Yeah, this is one of the two things I found out about Bitwarden today that I didn’t expect; the other one is autofill for the desktop app. After using KeePass for many years, I was caught off guard that these two are not built in from day one.

2 Likes

I want to add to this; however, I think there is a better way to handle it: while I agree Clear Clipboard should be enabled by default, it should also be available as a policy under the Organization settings.

In other words we should be able to push this out as a policy to our users (like vault timeout, etc).

Thank you,

The Clear Clipboard default is set to ‘Never’ under Options in Bitwarden. This is an unnecessary security risk and easy to resolve by changing the default.

Risk: your last copy or full history of copies (OS dependent) from Bitwarden is left sitting in your OS clipboard after you paste them. This would be passwords, for example.

Recommendation: change default from ‘Never’ to a length that most users will never need to store a copy before they paste, such as 2 or 5 minutes, dramatically reducing this risk.

Benefit: This improves the base level of security for all users. This would especially benefit new password manager users who may not be aware of the security implications of the current default setting of ‘Never’ clearing their clipboard.

Update: changed recommended time to 1 minute as I didn’t intend to suggest adding a new, longer value. Rather, the intent is to simply not have Never be the default. So, I have changed it to the highest existing value other than Never, which is 1 minute. This will likely be more than enough for the vast majority of users. I don’t personally care what Bitwarden sets it to as long as it’s not Never and that it mitigates the described risk.

You can set it to a value that you prefer.

I understand. It’s a design question as never clearing the clipboard appears to be an unnecessary security risk and I wonder if I am misunderstanding its implementation.

1 Like

Why that design decision was made in that way is something we can’t know, unless somebody who was present in that decision-making process chimes in, or perhaps if you get lucky and find some clue in an old discussion on GitHub.

Suffice it to say that there appears to be no fundamental reason why choosing this default value would be preferable to all other options. Perhaps the next option (5 min) would still not be long enough to prevent a user who is unaware of the existence of this option from losing data (e.g., they copy their current password, spend 5 minutes setting up the password generator options, selecting a new password and filling out the update password form on some website, then are surprised when they can’t paste their old password anymore). Perhaps the fact that many users have enabled clipboard history or other clipboard managers, in which case the automatic clipboard clearing mechanism is not effective, was a factor in deciding to effectively disable this feature by default.

You are of course right, that enabling the clipboard clearing functionality (by setting a value other than “Never”) is more secure, unless you have enabled some form of clipboard history.

1 Like

There used to be an old request (which has now been archived) specifying having this enabled by default, but it seems not to have had much traction.

You can feel free to create a new feature request for this and hopefully more people from the community will pick this up.

1 Like

In Windows 10/11, you can easily see and/or delete the contents of the Clipboard. This can be enabled here:

1 Like

Just as a PSA for current and future readers of this thread — several of the comments above allude to the existence of this feature, but none have explicitly shown it. Thus, in case anybody wasn’t aware, it is possible to enable automatic clearing of the clipboard in Bitwarden, by changing the default value of the timeout parameter from “Never” to something else. For example, in the browser extension, go to Settings > Options, where you will find the Clear Clipboard timeout setting:


The default value for a new installation is “Never”, and @222 has created this thread to ask about or discuss this decision to have the setting default to “Never”.

1 Like
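To make concrete what the Clear Clipboard timeout actually does (and the two caveats raised earlier in the thread: a user who copies something else before the timer fires, and clipboard history managers that keep the secret regardless), here is an added Python example. It is not Bitwarden’s code; `InMemoryClipboard`, `HistoryClipboard`, `clear_if_unchanged` and `copy_with_timeout` are hypothetical names, the clipboard backends are constructed stand-ins so the example runs offline (a real backend would wrap `pyperclip.copy`/`pyperclip.paste` or `pbcopy`/`xclip`), and `"hunter2"` is a constructed sample secret.

```python
"""Timed clipboard clearing: the mechanism behind a "Clear clipboard" timeout.

Added example, not Bitwarden's code. The clipboard is abstracted behind
copy()/paste() so the logic runs offline against constructed stand-ins.
"""
import threading
from typing import Optional


class InMemoryClipboard:
    """Constructed stand-in for an OS clipboard that holds only the last item
    (the macOS/iOS behaviour described in the thread)."""

    def __init__(self) -> None:
        self.text: str = ""

    def copy(self, text: str) -> None:
        self.text = text

    def paste(self) -> str:
        return self.text


class HistoryClipboard(InMemoryClipboard):
    """Constructed stand-in for a clipboard with history enabled (Windows
    Win+V style). Overwriting the current slot does not remove earlier
    entries, so a timed clear leaves the secret recoverable from history."""

    def __init__(self) -> None:
        super().__init__()
        self.history: list[str] = []

    def copy(self, text: str) -> None:
        super().copy(text)
        if text:  # assumption: an empty "clear" write is not recorded as an entry
            self.history.append(text)


def clear_if_unchanged(clipboard, expected: str) -> bool:
    """Clear the clipboard only if it still holds the secret we placed there.

    If the user copied something else in the meantime, leave it alone rather
    than destroy their data. Returns True when a clear was performed.
    """
    if clipboard.paste() == expected:
        clipboard.copy("")
        return True
    return False


def copy_with_timeout(clipboard, secret: str,
                      timeout_s: Optional[float]) -> Optional[threading.Timer]:
    """Copy `secret` and schedule a conditional clear after `timeout_s` seconds.

    timeout_s=None models the "Never" default: nothing is scheduled and the
    secret sits in the clipboard until something else overwrites it.
    """
    clipboard.copy(secret)
    if timeout_s is None:
        return None
    timer = threading.Timer(timeout_s, clear_if_unchanged, args=(clipboard, secret))
    timer.daemon = True
    timer.start()
    return timer


def demo(timeout_s: float = 0.1) -> dict:
    """Run the four scenarios discussed in the thread and report the outcomes."""
    secret = "hunter2"  # constructed sample secret

    never = InMemoryClipboard()                   # default "Never": no clear
    copy_with_timeout(never, secret, None)

    timed = InMemoryClipboard()                   # timeout set: cleared
    copy_with_timeout(timed, secret, timeout_s).join()

    busy = InMemoryClipboard()                    # user copied something else first
    t = copy_with_timeout(busy, secret, timeout_s)
    busy.copy("meeting notes")
    t.join()

    hist = HistoryClipboard()                     # history manager keeps the secret
    copy_with_timeout(hist, secret, timeout_s).join()

    return {
        "never_still_holds_secret": never.paste() == secret,
        "timed_cleared": timed.paste() == "",
        "user_copy_preserved": busy.paste() == "meeting notes",
        "history_retains_secret": hist.paste() == "" and secret in hist.history,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The unchanged-content check is the part worth copying into any wrapper you write: a clear that blindly overwrites the clipboard after N seconds will eat whatever the user copied in the meantime, which is exactly the data-loss worry raised above, while the history scenario shows why the timeout is no substitute for disabling clipboard history on a machine that handles secrets.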

Thanks. That archived feature request correctly describes an issue. I may add a new feature request since I can’t add to that one to bring it back to life. I appreciate you pointing this out. Thanks.

I am researching re: Apple and am seeing that iOS and Macs only hold the last item in their clipboards, not a history. So, that limits the risk. But it will be held a long time if Bitwarden is set to Never clear.

Thanks, @grb. I should have attached a screenshot.

If Bitwarden goes to the trouble of clearing an unencrypted vault from memory in a pretty meticulous way, as I have read, it is an odd choice to default the clipboard to Never clear, potentially exposing a user’s password(s). The users who don’t touch this at all are more likely to be users who are less security conscious or simply unaware. I would think that Bitwarden would want to be doing its best to protect this group of users from themselves and set a base level of default security for all users that doesn’t introduce unnecessary risk such as this.
Even defaulting it to 2 minutes, more than most users would ever need, would dramatically reduce the risk.

My point was that it’s very easy to manually clear the clipboard in modern versions of Windows. It’s probably in my top five favorite features of Windows 10/11.

Based on suggestions and confirmations, above, I have changed this thread to a feature request and reframed the original post. Thanks.

Recent article discussing this

https://www.techspot.com/news/97320-you-change-password-manager-clipboard-settings-now.html

1 Like

It would be nice to see Bitwarden do a series of security-focused updates like this.

Bitwarden devs should pay attention to articles like this. Such low hanging fruit. It’s like LastPass not setting a strong minimum KDF for everyone’s account: once the risk is realized, it doesn’t look good in hindsight.

Thanks for the feedback everyone, it has been passed along to the team!

2 Likes