Firefox protects stored passwords from being copied after autofill, but you can totally see your password if you go into Firefox settings and click the “copy” button beside the stored ••••••••s
Once you have even selected text it can be pasted somewhere, or copied to the clipboard for anyone to see be they running KDE, Gnome, Cinnamon, XFCE, or even i3 - the machine doesn’t know if horsebatterystaplecorrect is your password, or if your space bar is broken.
Yup - just wait until OP finds out that the passwords he mistyped on the command line when that had focus instead of the browser window, or any accidental retries after sudo bailed out are just sitting there in plain text in their $HISTFILE…
I believe the main miscommunication here is that you think of the Plasma clipboard as an application - like the GNOME extension or “clipboard managers” for Windows or Mac.
But this is not what the Plasma Clipboard is - the Plasma Clipboard is the actual clipboard thing of Plasma: when you press CTRL+C, this is the thing that holds the copied text (or image, or whatever you copied). When you paste - the Plasma Clipboard is what is providing the thing to paste. Unlike other operating systems, in Plasma the clipboard has an icon that shows you stuff and let’s you configure extra clipboard features that Plasma offers, and if you don’t like to use them, you can disable the clipboard icon but you aren’t allowed to disable the clipboard itself.
If you may ask - why is the clipboard icon not disabled by default? The answer is simple - the Plasma team thinks more people should know about the marvellous features that the Plasma clipboard offers, and if the icon is disabled by default then users will not find them very easily, if at all.
That’s not entirely true. Applications hold the data in the clipboard. And transfer it to the other app upon pasting. The problem is that if you would close the app you cannot paste anymore what you copied since the application is gone.
That’s why we need a clipboard manager which will claim the clipboard in that case
This is less about the Clipboard manager though, and more about the system’s own clipboard functionality itself:
hiding or disabling the Clipboard manager does nothing about disabling common keyboard shortcuts (CTRL+X/CTRL+C/CTRL+V) or common context menu options (Cut/Copy/Paste).
At least under Wayland (and possibly Xwayland), it would seemingly be possible to globally disable all clipboard functionality across all selections (PRIMARY, SECONDARY, CLIPBOARD).
I certainly agree that it would be a useful feature to have for certain usecases, I discussed this a few days ago here:
I think that having the option to disable the actual clipboard is a good idea: you can prevent an entire class of vulnerabilities (fat-finger-error/human error), which would be extremely useful in security-critical usecases.
For example, when working with financial data or crypto stuff, you have to be really careful to not accidentally copy/paste sensitive data somewhere it doesn’t belong, and you have to manually empty the clipboard all the time (which isn’t foolproof either, considering that doesn’t 100% protect you while you’re working with the data, only when you’re done).
If you know in advance that you’re not gonna use the clipboard in a scenario where clipboard functionality introduces vulnerablities, it makes a lot more sense to have this option instead.
It could be a simple toggle in Klipper settings or the accessibility settings.
I’ve been using “Ditto” on Windows for years. I couldn’t live without it.
Me thinks that people that don’t use a clipboard manager are mad.
Not at all concerned about the security issues here. The lack of features is another thing.
The developers should look more closely at “Ditto” because that have been developed over many years, maybe a couple of decades and has matured into a product with a near complete coverage of the features needed.
There are 3 features missing in Klipper that really improve workflow.
click and paste - not just put an item on the top of the list but paste it as required.
paste without formatting - Ditto uses “enter” to “paste and shift” enter to paste without formatting. This is bigly useful when constructing documents to eliminate formatting from the web.
multi select and paste. Ditto’s implementation is what you have selected on the clipboard is pasted in one go in the same order that it was selected.
Here the use case, copying an article from the web for research.
Copy heading Copy author Copy date Copy body of article Copy URL
Select all as required
Paste without formatting
If you really want to go next level after that… I’d like a “forever” memory for the stuff I need to use often. My tax file number, email, logo, a few words I can never remember the spelling of.
As for what I don’t like about the current implementation… the in-place list, Meta V here, doesn’t scroll rather has a panel opening. It’s inconsistent without how it is implemented on the task bar and pretty awful for many reasons. Couldn’t this just be a list with a scrollbar?
First of all, as others notes, you can always open the applet and remove unwanted entries from the history immediately.
Secondly, if you’d use a password manager like KeePassXC (which you really should), they tend to clear the copied credentials from the clipboard automatically after 10 seconds timeout.
Lastly, hiding an applet won’t solve anything if you didn’t reconfigure it to not store any entries at all. The history would still be stored and available, for example, with Meta+V shortcut.
@Yani_Haigh these features are interesting and seem useful, but most of them can’t be implemented in Wayland because it requires one application (the clipboard manager) to inject actions into another application - and in Wayland that is a big no-no:
The click action on the clipboard manager should inject a “paste” command in the active application. You can’t do that in Wayland, and I’m not sure you can in X11 either.
The concept of “paste without formatting” is very possible as an application can see that the clipboard content has both a “rich text” content and plain text content and prefer the plain text - but the application has to do that (and many do). For the clipboard manager to do that, especially from the clips list, it again needs to inject commands into another app.
That would be an awesome feature, but it will have to be implemented in the clipboard UI as “select all these entries and merge them” then the user can go into the app and request a standard paste that will get the merged entry.
I personally would also love the option of pinning clipboard entries so that they will never be forgotten. Currently I just set the history size to the max and hope that I use such entries often enough that they are kept.
A clipboard manager is a killer feature and a major UI/UX enhancement, BUT, using it to copy and paste passwords is a security risk because it stores everything in plain text which means that anything with unprivileged access can read it.
The solution is: don’t use it with passwords, or, if you must, then quickly delete clipboard history after such a use.
Since modern passwords can be long and hard to type, use a password manager. IDK about other applications, but KeePassXC has an autotype feature that looks up the correct password and types it for you directly into the application without using the clipboard. This avoids the whole problem while making password management much easier. I use almost all random passwords (around 200 of them) that I can’t remember or type easily, The app makes it easy.
Does it all lose focus on where it is at once the clipboard is opened?
Surely there is a way when if you are in a field and you go to paste that the paste operation can but put on how while you sort out the clipboard. Then just drop it in as the focus is returned to the field.
Rather it requires the application with the field where you have hit the paste key to wait until you configure what is to be pasted.
Does that make sense or is the copy/paste stuff too deeply part of the OS to enable a pause?
I would like to throw in a word for Bitwarden, one of the very few password managers that has NOT been hacked, probably because it is also one of the few that is open source.
I installed a server (nginx running bitwarden and nginx proxy manager managing the reverse proxy) on a raspberry pi and are not connecting anything to any cloud servers.
I MANAGE and keep the database of mine and my families passwords LOCALLY (with a reverse proxy so I can use xxx.someadress.com as server, made a free account on https://freedns.afraid.org/).
Works flawlessly and I AND ONLY I have access to the password database.
Also gives me access to this (that seems to be what op is looking for, clean clipboard after x seconds):
Plugin works on computers (windows, mac & linux) and phones (android and iphone) and plugins in all sorts of web browsers, but I have only tried firefox.
My mother uses an iphone and it works flawlessly to store and use her passwords, and they are now no longer “password123”.
That’s actually a good question - when the application requests the content of the clipboard, it makes an API call through the Wayland/X11 server that will call into the clipboard owning application (which should be your clipboard manager). If the owner then wants to pop-open some UI - maybe it can?
I’m worried about a few tings - one is the Wayland security model, but maybe I’m just paranoid (because of all the times I butted heads with Wayland developers about this). The second thing is that I think the UX will be terrible if every time you hit CTRL+V, something is going to pop up, and I can’t think of a good way for the clipboard manager to know if it needs to pop up or not.
I’d be happy to have it pop up every time as long as just hitting return took the top item. I’d be happier if it only brought up the list with “meta + v”.
Are there other clipboard manager that we could look at to see their approach?
Many - just open Discover and search for “clipboard manager”. Most (all?) of the things there are built for GNOME (that doesn’t have native clipboard management functionality), though, so YMMV.
