Clear clipboard should be ON by default

Clear clipboard option should be made “on” by default with an appropriate timeout duration.

Recently, when I set up Bitwarden on my new mobile (Android) device, I noticed that I was accidentally pasting the passwords I had copied earlier on some other websites or apps.
It took multiple instances of this accident to make me realise that the clipboard wasn’t being cleared automatically by Bitwarden, which I had thought was on by default.
I think this could possibly happen with any user who is setting up Bitwarden on a new device and may not instantly jump into all the settings that he/she might find necessary.

Therefore, as a solution to prevent any accidental leakages, I believe the “Clear clipboard” option should be left “ON” by default with maybe 20 or 30 s timeout.
An alternate solution would be to prompt the user about the important toggles that he wants to keep on/off at a startup screen on installation of Bitwarden on that device.

+1 here, security by default is the way to go!

If people want to disable something to be less secure then sure give the user a choice, but Signal does this by enabling E2EE by default for all communications.

Many users don’t ever change defaults so considering a more secure option by default is a great idea. :smiley:

1 Like

Yeah, this is one of the two things I found out about Bitwarden today that I didn’t expect; the other one is autofill for the desktop app. After using KeePass for many years, I was caught unguarded that these two are not built in from day one.

2 Likes

I want to add to this; however, I think there is a better way to handle it - while I agree Clear Clipboard should be enabled by default, it should also be available as a policy under the Organization settings.

In other words, we should be able to push this out as a policy to our users (like vault timeout, etc).

Thank you,