Passwords, whether they’re for an online service or for our local Windows account, need to be guarded carefully. A leaked password can often help anyone with malicious intent guess what your other passwords might be. People who use important numbers like their birthdays in their password put themselves at even greater risk. General safety protocol says you shouldn’t use the same password for multiple accounts, nor should you write it down anywhere it can be found easily. Many people resort to using password vaults i.e. services like LastPass so they don’t have to write passwords down or bother to remember them. For the most part a password vault is a safe and secure way to store passwords unless of course users compromise security by copying passwords to the clipboard. The clipboard is a Windows feature that every single app on your system has access to. There is no way to filter out which apps can and cannot access content on the clipboard. If you’ve installed a malicious app on your system then copy/pasting passwords to/from your clipboard is a security risk.
When You’re Not A Risk
We say copy/pasting passwords from the clipboard is a potential security risk but not that it is a given security risk. If you only have trusted apps, downloaded from a trusted source with valid licenses etc, running on your system then you don’t have anything to worry about. Copying your password to your clipboard so you can paste it into a password field is not dangerous.
When You Could Be At Risk
If you install apps that Windows warns your against, ones that look unsafe, use keygens and cracks, or download apps from untrustworthy repositories instead of the official website you might be at risk. The risk doesn’t come so much from the app but from the source it is downloaded from. The app installer might be bundled with a malicious program. The keygen or the crack you’r using might be phoning home without you knowing it.
Your browser might also pose a risk if you have a shady website open though in this case, you should probably exercise caution when visiting a website.
If you have a clipboard managing app installed, one that maintains a history of all items copied to your clipboard, you might also be at risk. Unless the app regularly scrubs items from its history, it might be a risk to copy your password or any other sensitive information to your clipboard.
The Human Error Risk
To err is human and err humans do. You’ve probably heard of people accidentally sharing inappropriate links to their social media account because said link had been copied to their clipboard. The same can happen with a password copied to your clipboard. You might accidentally paste it inside a document or presentation you’re working on, an email you’re writing, or just your latest Facebook post.
How To Stay Safe
- Don’t install shady apps. Don’t use keygens or cracks.
- Always download apps from the official website
- If you have to download an app from an untrusted source, run it through Virus Total to be safe
- If you do copy a password to your clipboard, immediately copy an image or something else to it once you’ve pasted it where you want it to
- Weight the need to have a clipboard managing app against your ability to keep your sensitive information out of your clipboard. If you know for a fact that you won’t be copying your Facebook password to the clipboard, ever, only then will a clipboard managing app be safe to use
These risks aren’t limited to just passwords. If you ever habitually copy sensitive information to your clipboard such as the answer to a secret question, activation codes, or your credit card number, you put yourselves at risk. It’s safer to not copy passwords or any other sensitive information to the clipboard.