Clipboard Security

I also think that clipboard passwords are a significant security concern.
After upgrading some of my weaker passwords, I ended up with a clipboard full of valid passwords. It seems counterintuitive to me to take all these measures to keep my vault safe while some of my passwords are floating on the clipboard.

I was wondering if there were any thoughts from the BitWarden Team.

Merry Xmas everyone!

Thanks for checking in @vc34, no updates to share at this time, but as always, we welcome community PRs should someone be interested in working on this feature.

1 Like

New here, and was wondering about the clipboard security in BW after reading the security on another app (Sticky Password) that says it encrypts the password when you click its copy icon, and detects a Windows Paste command to confirm you want to paste it. And, I assume it decrypts it before the paste.

Is this still an issue in BW?? If Sticky Password leaves an encrypted password in the clipboard history, I guess that’s probably ok. But I don’t understand why you cannot delete an item in the Windows Clipboard history, when I can even do that manually…

Is there still no fix to Samsung’s clipboard security flaw?
I’m new here. Spent more time than I like already searching the web on this issue.
In my device (s21) BW is set to clear passwords after 20 seconds. This fails. Samsung keyboard keeps everything unless I manually select “delete”, or “delete all.”

Forgive me if this has been clearly answered elsewhere.
Thanks!

I had just asked the developer of Unclutter (which I’ve used for years) about this issue. The relevant part reads “…if the extension doesn’t provide these special flags, Unclutter will not recognize this data as sensitive.”

WHY doesn’t BW provide whatever these flags are? The whole point of BW is to protect passwords, so if it CAN use a flag to indicate to clipboard apps not to show passwords then it obviously SHOULD. I’m not getting the issue.

1 Like

Absolutely, your message is clear and concise. It addresses the issue at hand and offers a potential solution. Here’s the final version:


Hey everyone,

Just wanted to chime in on this clipboard history issue. I’ve noticed the same thing - passwords going to clipboard managers that support “ignoring sensitive content”. This is definitely a bit concerning, and it’s happening both in the web extension and desktop here on my Mac.

Also, I use BetterTouchTool which can hide passwords from clipboard history. It would be awesome if Bitwarden could flag it as sensitive or something similar.

Just throwing my two cents in. Hoping we can find a way to make our passwords even safer!

1 Like

One can avoid using the clipboard by using passphrases instead of passwords. Then instead of copy-and-pasting a secret one could read-and-type it. Does it make sense? :thinking:

This way we replace the threat of clipboard hijacking with the threat of keylogging.

@Slava_Istomin That does make sense, but is a little inconvenient. More convenient would be to use the drag & drop function of e.g. the browser extensions and desktop apps. The drag & drop function “circumvents” the clipboard.

Hi Everyone,

I’ve been dealing with the same issue described here with the clipboard storage of passwords in clear-text using the browser extension. However, I have found a semi-solution.

My company uses the Edge browser. Edge offers a feature called “InPrivate Window”, which, I figure, is similar to Chrome’s incognito mode. It can be selected by right-clicking on the Edge taskbar icon and selecting the “add InPrivate window” option. If BitWarden is used within this private window, you still can copy and paste passwords, but they will not be stored in the clipboard.

Of course this is also not an optimal option, but it does work.

Hope this helps!

1 Like

With web pages and the browser extensions, you should not be copy/pasting passwords in the first place. Auto-fill is better because it avoids the clipboard altogether. And, bonus, it also helps protect against “look alike” websites.

Clipboard history is primarily a concern with desktop apps, where auto-type remains on the feature request list.

1 Like