Warning: With Windows 11, the clipboard is stored on the cloud

I just read that with Windows 11 everything you copy to the clipboard is sent to and stored in the Microsoft cloud, if you are connected to your Microsoft account of course. Dangerous in my view. I frequently use the clipboard for a newly created password, for a short time.
My Windows 11 account is local, not connected to a Microsoft account. No risks to me. But that’s it.

enabled by default :

Three things you can do to avoid risks associated with the system clipboard:

  1. Do not enable the optional Clipboard History feature in Windows.

  2. Do not copy and paste passwords unless absolutely necessary. Bitwarden’s auto-fill functionality allows you to completely bypass the system clipboard when transferring passwords into account registration forms, login forms, or password change forms.

  3. Set up Bitwarden’s “Clear clipboard” option to clear the clipboard after a short time-out period.


Hi, yes, of course, you’re right. I just wanted to warn other people. I’ve been using BW for several months now, and it’s really fantastic, as you know.
To be precise, I only use the clipboard sometimes when creating a new password for a site. I paste the generated password in the notebook because many times I have to add the site manually to the vault, and very often my clipboard has been cleared by BW meanwhile. Otherwise I don’t paste passwords in the clipboard.
Then that clipboard could have been saved and stored on the cloud if I were connected to my Microsoft account. That’s what I wanted to point out. "The devil is hiding in details"

The more effective way to do this (without any use of the clipboard) is to start in the browser extension, click Add a login, and fill in the Username, generate a random password (click 🔄, then “Select”), then click the “Save” button in the browser extension. Now you can click “Auto-fill” to transfer all of this information to the web form and submit the form.


Yes, thank you. I will probably change the way I proceed.
It depends on the context, too. I will think about this and try that way.

Is it possible to set a flag when copying something to the clipboard to mark it as sensitive and local-only?

Hi, I don’t have an answer to your question, but there’s a simple way to manage that.
1. Deactivate the clipboard history in Windows: Settings, Clipboard. I did it.
2. Once you’re done with the copy-paste you can copy anything into the clipboard, a space, a word displayed on the screen, anything. It will crush what was there before. Oh! There may even be a shortcut to empty the clipboard. I don’t know it yet.
To access your clipboard there’s a shortcut: Windows + V
Yesterday I noticed that I also sometimes use copy-paste to get a password from my main browser vault (BW extension) into another browser, to avoid typing my master password in the other browser extension, just for one site or a mail.

Anyway, one has to be very careful with the clipboard, no doubt. You can have bad surprises. For example, typing too fast (CTRL V), you could send a password inside a mail to someone, or anything that’s inside the clipboard at that moment.
It happened to me once. It wasn’t unimportant but it could have had consequences.

a shortcut allowing to empty the clipboard, supposedly :

I just did some googling and my best guesses are:

  1. Clipboard History, if enabled: data does not leave the device, so is only a local risk
  2. Clipboard Sync, if enabled: data does leave the device (going through MS cloud), and is not E2EE, so is a cloud risk

@mikem Yes, there is a framework for this, but it’s been a long while since I read about this, so I don’t remember the details. I also recall there being some issue with this framework not working 100% (e.g., perhaps some apps are able to ignore the flag). I’m not sure if Bitwarden attempts to set these types of flags, or not.

@misterp This doesn’t work unless you have enabled the Windows Clipboard History.

Bitwarden can be configured to automatically clear the clipboard after a short, user-configurable period (e.g., 10-30 seconds). This automates the process that you describe above (which is also why it won’t work when the Clipboard History is enabled).

Please note that any process running on your computer (including in your browser) is able to read information from the system clipboard. Thus, it is possible for a malicious process to exfiltrate your clipboard contents (i.e., transfer the information from your local computer to a remote computer). So what starts local, may not stay local.
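
The "sensitive" flag asked about earlier in the thread exists as three clipboard format names that Microsoft documents under "Cloud Clipboard and Clipboard History Formats"; the copying application places them on the clipboard next to the data. The Python code below is an added example, not part of the thread and not Bitwarden's code; the function names `clipboard_payloads` and `copy_sensitive` are hypothetical.

```python
import ctypes
import sys

CF_UNICODETEXT = 13
GMEM_MOVEABLE = 0x0002
# Registered format names documented by Microsoft. The first suppresses history
# and sync by its mere presence; the other two opt out when they hold a DWORD
# of 0 (a value of 1 would explicitly opt in).
OPT_OUT_FORMATS = (
    "ExcludeClipboardContentFromMonitorProcessing",
    "CanIncludeInClipboardHistory",
    "CanUploadToCloudClipboard",
)


def clipboard_payloads(text):
    """Return [(format, bytes)] to place on the clipboard for a sensitive string."""
    items = [(CF_UNICODETEXT, text.encode("utf-16-le") + b"\x00\x00")]
    items += [(name, bytes(4)) for name in OPT_OUT_FORMATS]  # bytes(4) == DWORD 0
    return items


def copy_sensitive(text):
    """Copy text on Windows with Clipboard History and cloud sync opted out."""
    if sys.platform != "win32":
        raise OSError("Win32 clipboard API required")
    u32 = ctypes.WinDLL("user32", use_last_error=True)
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    vp = ctypes.c_void_p  # handles are pointer-sized; declare them to avoid truncation
    k32.GlobalAlloc.restype = k32.GlobalLock.restype = vp
    u32.SetClipboardData.restype = vp
    k32.GlobalAlloc.argtypes = [ctypes.c_uint, ctypes.c_size_t]
    k32.GlobalLock.argtypes = k32.GlobalUnlock.argtypes = [vp]
    u32.OpenClipboard.argtypes = [vp]
    u32.SetClipboardData.argtypes = [ctypes.c_uint, vp]
    u32.RegisterClipboardFormatW.argtypes = [ctypes.c_wchar_p]
    if not u32.OpenClipboard(None):
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        u32.EmptyClipboard()
        for fmt, data in clipboard_payloads(text):
            fmt_id = u32.RegisterClipboardFormatW(fmt) if isinstance(fmt, str) else fmt
            handle = k32.GlobalAlloc(GMEM_MOVEABLE, len(data))
            ctypes.memmove(k32.GlobalLock(handle), data, len(data))
            k32.GlobalUnlock(handle)
            if not u32.SetClipboardData(fmt_id, handle):  # system owns handle on success
                raise ctypes.WinError(ctypes.get_last_error())
    finally:
        u32.CloseClipboard()
```

These formats are honoured by Windows' own Clipboard History and sync; they do not stop another local process from reading the clipboard. A GUI application should pass its own window handle to `OpenClipboard` rather than `None`.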

You’re right on everything.
And my BW extension is set to clear the content of the clipboard.
My PCs are protected by a good security suite.

The length of this thread, and the number of factors being discussed, suggests that getting everything Just Right is a matter of some effort. If the clipboard API supports flagging particular content as sensitive, it seems that the effort would definitely be worthwhile. It may not protect against everything, but I’d much rather it default to the safest option to reduce the risk for any user that doesn’t happen to comb through every setting in their Windows Control Panel and research every item individually for its potential security risk (i.e., most human beings with normal hobbies).

Storing sensitive data in the cloud can be worrying. Fortunately, if your Windows 11 account is local and not linked to a Microsoft account, or encryption keys, you are probably protected from this risk. Speaking of Windows keys, I recently came across a website where they offer affordable cheap windows 10 key. It might be useful for those who are not planning to upgrade to Windows 11 just yet or for anyone looking for a budget-friendly option. As for me, I find myself using the clipboard a lot too, especially when generating temporary passwords or copying various bits of information.

On the topic of clearing the clipboard, you can use the Clip command. It’s pretty easy and is:

echo. | clip

Of course, you can bung this in a batch file and call it any time you like. I run BW from a batch file and when I quit BW, it runs the command above, just to be sure lol.

As far as running Windows 11, Microsoft says my laptop is too old ☹