Secure clipboard actions

cancel
Showing results for 
Search instead for 
Did you mean: 

Secure clipboard actions

0 Kudos

Secure clipboard actions

LastPass can apply credentials in a couple of ways: AutoFill, which requires permissions for the add-in to apply that information to a secure web field OR "copy and paste". The latter, allowing for use in other applications (and pretty much everything else) but it now has important information held in cleartext. This is a problem because if a system was compromised, this is an attack vector that can be exploited.

Suggestion - Have the ability to set the password to expire within a short period of time (can be toggled and adjusted) from the clipboard. This would reduce the ability for malicious actors to use the clipboard feature as an attack vector and in turn reduce the attack surface.

1 Comment
GlennD
LogMeIn Manager
Status changed to: Delivered

This is already a security setting in the LastPass extension Preferences: https://support.logmeininc.com/lastpass/help/how-do-i-change-my-advanced-settings-in-preferences-for... The clipboard is wiped after 60 seconds, but the delay is configurable.