I brought this up on GitHub almost a year ago, and there were threads way before that. It really is a security hole that not just needs to be reported to the team, but acted on.
Not only does the default need to change for new installations, any existing user should be forced to change the value unless they actively say otherwise. Not that I can think of any reason why that should be so. If a user has Windows password history invoked, then it is doubly important that the clipboard should be cleared. Note that if the default is changed to clear after x minutes, it will not clear existing entries in clipboard history. This should be brought to the user's attention.
I only found out by accident that this was set to Never. I was installing Android apps remotely with my recently installed Win11 PC (you have to paste Google PW for every Google Play app installation).
When I found the default was off, all I could think was that it was an error.
If you don’t want to change the default to something that’s somewhat secure, the least you can do is, when the Bitwarden extension/app is installed, prompt the user that the setting is OFF/Never by default.
I would like to remind you of this subject, which appears to be a significant security flaw. If the default clipboard cleanup value is not changed, would it at least be possible to push a value through the registry or some other way?