Perils of Handoff in Mac OSX / iOS


#1

I just discovered a really good reason not to use Handoff, because of its “universal clipboard” feature that I’ve just now learned about, first hand.

My daughter was doing an online Spanish class on our iMac.

I go to help her shorten the password for her Bitwarden, using my iPad. Really basic password rotation, I make it first in BW, then use “copy / paste” to avoid typos.

I copy passwords, but it keeps pasting odd phrases into the login field. Never seen that before and I keep testing it, eventually it seems to paste correctly again.

I login to web vault / account and rotate the new password.
Naturally it asks me to login again.
Now it won’t let me login with new password I just set.

I wait and let it sync, try again.
No go. Still can’t login.
Try old passwords too.
Login not happening.

I troubleshoot… testing copy / pasting new passwords, and again it pastes something other than what I’d just copied.

I look over at my daughter and ask, “hey did you just copy something about Don Quixote reads adventure novels ?”

She: “yeah, how’d you know?”

My iPad was pasting whatever she was copy/pasting.
So I must’ve reset her account to some long sentence she was pasting for her Spanish assignment.

I’m suspecting Apple’s Handoff to be the culprit. Its not Safari synced across devices as she was using Chrome.

In theory, a password could suddenly paste on another iClouded machine, within the 30 sec timeframe before Bitwarden clears the clipboard (and I’m not sure it would clear it on all iClouded devices).

And if you’re really unlucky you can be like me and succeed in locking your daughter out of her Bitwarden account. :slightly_smiling_face:

It would also be great if the reset password field allowed you to show the text string. That would’ve allowed me to avoid this problem as well. Unfortunately the web vault won’t do that for the reset password fields.