Password coppied to clipboard (clipper) remains visible.

[steveedmonds]

In KDE "copy password to clipboard" copies the password to the clipboard and clipper. When Clear Clipboard is set (say 10s) the clipboard is cleared but clipper is not, the password stays accessable requiring manual removal.
In KeepassXC the same setting copies the password to clipboard (and expunges it in 10s) but does not copy the password to clipper. I am not able to test Glipper or Mac.
steve

[dgarberj]

I use Alfred's clipboard history, and there too it does not clear.

I wonder if this is something that's out of Bitwarden's control as it's a third party product that is storing the value.

[steveedmonds]

For me this does not occur with KeepassXC, so it is within their control and should also therefore be within the control of Bitwarden.

[ntimo]

For Alfred you have to set the copied password to be "Concealed" so Alfred does not save it. Maybe this the Bitwarden browser addon could do that.

Source: https://www.alfredapp.com/help/features/clipboard/

[steveedmonds]

As referred to in your reference, org.nspasteboard.ConcealedType is also referred to in the KeepassXC source code. It doesn't seem to be referred to in the Bitwarden source so may be you have touched on something.

[fabianski7]

nothing solved so far!?

[krispetkov]

I can see that his issue is still present. Are there any plans of fixing this?

[hadjev]

On MacOS Bitwarden clears the clipboard as expected.
But if you additionally use Alfred's clipboard history, then you have to ignore the bitwarden app. For this go to Alfred's preferences panel -> Features -> Clipboard History -> Advanced -> Ignore Apps. There you can add Bitwarden and from now on it will be ignored.
Tip: You can use Alfred to find Bitwarden, then drag and drop it to to the "Ignore Apps" Panel

[bitwarden-bot]

Hi @steveedmonds,
We're cleaning up our repositories in preparation for a major reorganization. Issues from last year will be marked as stale and closed after two weeks. If you still need help, comment to let us know and we'll look into it.
Thanks!

[prettyv]

This issue (as well as #2606) is still valid, but is blocked due to lack of needed Web APIs. The desktop version is blocked for basically the same reason (#2621), as electron doesn't expand upon the clipboard API in a way that would make a difference here. There's ongoing specification work on Web Custom formats for Async Clipboard API (see also w3c/clipboard-apis#165 and w3c/clipboard-apis#154) which seems to be on the right track but is not yet available.

KeepassXC sends copied passwords with custom mime data (application/x-nspasteboard-concealed-type on OS X, x-kde-passwordManagerHint on Linux, and ExcludeClipboardContentFromMonitorProcessing on Windows) to hint for passwords not to be stored in history, but without finished and implemented specs this isn't yet possible to do in Web environments.

[dunxd]

This shouldn't be marked as stale - at some point in the future this really needs to be resolved.

Marking Bitwarden as an ignored app doesn't work - CopyLess 2 at least treats passwords copied from the bitwarden browser plugin as coming from the browser, and ignoring the browser is not viable.

[Gerben321]

So, what's the status on this? I thought I'd try out Bitwarden instead of KeePass, but this is a major blocker unfortunately.

[prettyv]

The status hasn't changed since two months ago, the needed W3C Spec is not finished yet, and so a possible implementation in Bitwarden will be blocked until that is done (and implemented in Electron I'd think).

[iso-l588]

This issue seems to be still valid as of 2022-08-01. It would be good if at least there was some warning in the settings "doesn't work with KDE klipper" or something similar. I was previously on XFCE using parcellite, there the entry removal worked as expected. Should this maybe be reported as a bug with plasma-workspace?

[rafaelpirolla]

Is there any workaround (automated)? I'm having the same issue on Alfred and Bitwarden browser extensions...

[dunxd]

Use the desktop app and set it as ignored by the clipboard history tool. Or disable the clipboard history tool except when you know you need it

[steveedmonds]

I use the bitwarden browser extension to fill website logins, which are not added to clipper, and keypass to fill non-web logins. On the odd occasion I copy a PW in the extension I go straight into clipper and delete it. Steve

…

On Mon, 22 Aug 2022, 08:15 Duncan Drury, ***@***.***> wrote: Use the desktop app and set it as ignored by rhe clipboard history tool. Or disable the clipboard history tool except when you know you need it On Sun, 21 Aug 2022, 2:23 pm Rafael Pirolla, ***@***.***> wrote: > Is there any workaround? > > — > Reply to this email directly, view it on GitHub > < #1047 (comment)>, > or unsubscribe > < https://github.com/notifications/unsubscribe-auth/AD6W2HO62L5QAY3LBP7Q66TV2IUTJANCNFSM4JFMJJ7Q > > . > You are receiving this because you commented.Message ID: > ***@***.***> > — Reply to this email directly, view it on GitHub <#1047 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAA4UVVZ4XFQAPSMQ2QG7BLV2KE4LANCNFSM4JFMJJ7Q> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[rafaelpirolla]

I'm mostly doing the same... :) Thanks for taking the time to reply! Hope there's a standard soon... Regards, Rafael

…

On Mon 22. Aug 2022 at 00:42, steveedmonds ***@***.***> wrote: I use the bitwarden browser extension to fill website logins, which are not added to clipper, and keypass to fill non-web logins. On the odd occasion I copy a PW in the extension I go straight into clipper and delete it. Steve On Mon, 22 Aug 2022, 08:15 Duncan Drury, ***@***.***> wrote: > Use the desktop app and set it as ignored by rhe clipboard history tool. Or > disable the clipboard history tool except when you know you need it > > On Sun, 21 Aug 2022, 2:23 pm Rafael Pirolla, ***@***.***> > wrote: > > > Is there any workaround? > > > > — > > Reply to this email directly, view it on GitHub > > < > #1047 (comment) >, > > or unsubscribe > > < > https://github.com/notifications/unsubscribe-auth/AD6W2HO62L5QAY3LBP7Q66TV2IUTJANCNFSM4JFMJJ7Q > > > > . > > You are receiving this because you commented.Message ID: > > ***@***.***> > > > > — > Reply to this email directly, view it on GitHub > < #1047 (comment)>, > or unsubscribe > < https://github.com/notifications/unsubscribe-auth/AAA4UVVZ4XFQAPSMQ2QG7BLV2KE4LANCNFSM4JFMJJ7Q > > . > You are receiving this because you were mentioned.Message ID: > ***@***.***> > — Reply to this email directly, view it on GitHub <#1047 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACTCW2OISFOD3V5O75NFKZTV2KWCJANCNFSM4JFMJJ7Q> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[ShadwDrgn]

Bitwarden still leaves passwords in plaintext in KDE's clipboard history while tools like KeePassXC do not. :( is there any reason the same solution used in KeePassXC can't be used here? If this is blocked by some kind of standards documentation who would be responsible for authoring that documentation? If this is the developers of Klipper or other KDE devs, has an issue been created on their github requesting that standard?

How do we track whatever blocker is present to getting this done so the community is able to voice it's desire for such a blocker to removed in the appropriate place?

Thanks!

[ridicolos]

For me this is really imported. I don't ever want some of my passwords to be visible in the clipboard history.

Would love to see this be implemented

[PyroDevil]

FYI, I opened 1Password/arboard#129. If that is solved then at least the native client can be changed to hide the passwords on KDE and possible MacOS.

[KAGEYAM4]

Any update on this? I am using KDE Connect and because password goes to clipboad, and there is no mimetype x-kde-passwordManagerHint to "secret", password get to my other kde-connect-devices.

[miditkl]

Also on Windows its saved in my clipboard history