cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
New Contributor

Copy to clipboard is a security risk in Android

When I need a password I go to lastpass app, and I copy to clipboard.  I past it into the form field that I need.  This is a practice that I do usually when I'm generating a new password.  I don't usually do this, as I can just click the form field to have lastpass populate the password.

 

What the issue is: copy to clipboard leaves the password in the clipboard forever.

My suggestion:  when copy to clipboard is used, then check the clipboard for the password, and silently delete the password after 5 minutes, so it doesn't persist in the clipboard.

 

I know how to use LastPass.  I'm a software tester, so I'm very aware of computers and software works.  I'm very aware of the capabilities of LastPass, and I like this quirky little password manager, which is why I use it.  Do not give me advice on how to use it, because if you feel like doing that you're missing my point here completely.  Read my statement again if you're tempted to give me advice.

 

When "copy to clipboard" is used there does not appear to be any clipboard cleanup that occurs to make sure some other app doesn't read the clipboard and access a password.  

2 REPLIES 2
Highlighted
New Contributor

Re: Copy to clipboard is a security risk in Android

I guess Trump, Snowden, and Aliens are more important topics right now.

LogMeIn Manager

Re: Copy to clipboard is a security risk in Android

Hi mkendallm,

 

The LastPass Android app has built-in non configurable routine to clear the clipboard after 30 seconds. As you have tested this the routine must not be running, what version of Android does your device use?

 

Glenn is a member of the LogMeIn Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!