I just read that with Windows 11 all you copy to the clipboard is sent and stored to the Microsoft cloud, if you are connected to your Microsoft of course. Dangerous in my view. I frequently use the clipboard for a new created password, for a short time.
My Windows 11 account is local, not connected to a Microsoft account. No risks to me. But that’s it.
Three things you can do to avoid risks associated with the system clipboard:
Do not enable the optional Clipboard History feature in Windows.
Do not copy and paste passwords unless absolutely necessary. Bitwarden’s auto-fill functionality allows you to completely bypass the system clipboard when transferring passwords into account registration forms, login forms, or password change forms.
Set up Bitwarden’s “Clear clipboard” option to clear the clipboard after a short time-out period.
Hi, Yes, of course, you’re right. I just wanted to warn other people. I’m using BW since several months, now, and It’s really fantastic, as you know.
To be precise I only use the clipboard sometimes when creating a new password for a site. I paste the generated password in the notebook because many times I have to add the site manually to the vault, and very often my clipboard has been cleared by BW meanwhile. Otherwise I don’t paste passwords in the clipboard.
Then that clipboard could have been saved, stored on the cloud if I would be connected to my Microsoft account. That’s what I wanted to point. "The devil is hiding in details "
The more effective way to do this (without any use of the clipboard) is to start in the browser extension, click Add a login, and fill in the Username, generate a random password (click , then “Select”), then click the “Save” button in the browser extension. Now you can click “Auto-fill” to transfer all of this information to the web form and submit the form.
Hi, I don’t have an answer to your question, but there’s a simple way to manage that.
1 Deactivate the clipboard history in Windows, Setting, Clipboard. I did it.
2 Once you 're done with the copy paste you can copy paste anything into the clipboard, a s^pace, a word diplayed on the screen, anything, It will crush what was there before. Oh ! there’s even may be a shortcut to empty the clipboard. I don’t know it yet.
To access to you clipboard there’s a shortcut : Windows + V
Yesterday I noticed that I also, sometimes, use the copy paste, to get a password in my main browser vault (BW extension), toward another browser avoiding to type my master password in the other browser extension, just for one site or a mail
Anyway, one has to be very careful with the clipboard, no doubt. You can have bad surprises. For example you could send a password inside a mail to someone, typing to fast, (CTRL V) or anything that’s inside the clipboard at that moment
It happened to me once. It wasn’t unimportant but it could had consequences.
@mikem Yes, there is a framework for this, but it’s been a long while since I read about this, so I don’t remember the details. I also recall there being some issue with this framework not working 100% (e.g., perhaps some apps are able to ignore the flag). I’m not sure if Bitwarden attempts to set these types of flags, or not.
@misterp This doesn’t work unless you have enabled the Windows Clipboard History.
Bitwarden can be configured to automatically clear the clipboard after a short, user-configurable period (e.g., 10-30 seconds). This automates the process that you describe above (which is also why it won’t work when the Clipboard History is enabled).
Please note that any process running on your computer (including in your browser) is able to read information from the system clipboard. Thus, it is possible for a malicious process to exfiltrate your clipboard contents (i.e., transfer the information from your local computer to a remote computer). So what starts local, may not stay local.
The length of this thread, and the number of factors being discussed suggests that getting everything Just Right is a matter of some effort. If the clipboard API supports flagging particular content as sensitive, it seems that the effort would definitely be worthwhile. It may not protect against everything, but I’d much rather it default to the safest option to reduce to risk for any user that doesn’t happen to comb through every setting in their Windows Control Panel and research every item individually for it’s potential security risk (i.e., most human beings with normal hobbies).