undefined | Better HN

0 pointsselykg5y ago0 comments

You're losing out on certain types of phishing protections by doing this.

You're also potentially opening yourself up to any apps/tools that are keeping an eye on your clipboard if you're copying and pasting. Auto-type might help with that, but I also wouldn't hold my breath for such a feature coming.

0 comments

TonyTrapp5y ago

And at the same time you win by not falling victim of "oops, there is a bug in our browser add-on that accidentally leaks arbitrary login data to websites", as it has happened in the past. Leaking all my credentials certainly sounds more concerning to me than leaking the credentials to a single page.

john-shaffer5y ago

KeePassXC asks for permission to share each credential with the browser, with a "Remember" checkbox. You can have convenience for your unimportant logins while keeping your sensitive credentials fully secure.

selykgOP5y ago

Eh.. I'm going to go a different route.

Compromising everything is easier, it means you have to change the password for everything and know it was compromised.

If only SOME stuff is compromised then you don't know what was compromised so you end up having to change everything anyway.

I mean, that's at least my approach. I'd rather know I needed to keep an eye on everything rather than some things. At least then I know I can take appropriate precautions.

AnIdiotOnTheNet5y ago

If you are infected with a clipboard logger chances are it is also a keyboard logger. Frankly, at that point you're unlikely to be saved by a browser extension anyway.

Latty5y ago

I'm not sure I follow. Browser extensions aren't simulating keyboard strokes, so they absolutely would save you in that case.

AnIdiotOnTheNet5y ago

You assume that any malware that is in a position to log keyboard and clipboard events is somehow not in a position to do things like install its own trusted certificate, perform dll injection, or otherwise intercept the password anyway. Not to mention that with all the other things it has access to it might not need said password to fuck up your life.

Its a poor argument for choosing browser extensions over cut & paste because the circumstances where it has an advantage are incredibly specific.

2 more replies

Dylan168075y ago

That depends on how many horrible ideas make their way from phone to desktop.

mikece5y ago

That is the one thing that worries me about iOS (okay: the BIGGEST concern, not the ONLY concern) now that's it has been shown that TikTok and LinkedIn (apps not on my phone) have been shown to be copying the contents of the clipboard. I had not thought of using a browser plugin to avoid clipboard scavengers on non-mobile OSes: I'll have to give that some thought now.

vbezhenar5y ago

iOS have standard API for password managers. There's no reason not to use it.

selykgOP5y ago

Really hoping Apple makes this feature available in macOS so that password managers can hook into it in an official way. Every year I keep crossing my fingers but it never happens.

therealmarv5y ago

And you are gaining that many passwords are not shared with the browser. I rely on in browser password storage (which you can also encrypt e.g. in Chrome) for frequently accessed sites.

I think the separation of concerns outweighs the KeepassXC<->Browser integration part.

If your computer is compromised (meaning occasional copy&paste is not secure) you have WAY more problems than only Keepass and phishing.

voxl5y ago

Auto type is much worse, never use an auto type feature, it can easily fall prey to insertion in hidden input fields.

j / k navigate · click thread line to collapse

0 comments

TonyTrapp5y ago

john-shaffer5y ago

selykgOP5y ago

Eh.. I'm going to go a different route.

Compromising everything is easier, it means you have to change the password for everything and know it was compromised.

If only SOME stuff is compromised then you don't know what was compromised so you end up having to change everything anyway.

I mean, that's at least my approach. I'd rather know I needed to keep an eye on everything rather than some things. At least then I know I can take appropriate precautions.

AnIdiotOnTheNet5y ago

If you are infected with a clipboard logger chances are it is also a keyboard logger. Frankly, at that point you're unlikely to be saved by a browser extension anyway.

Latty5y ago

I'm not sure I follow. Browser extensions aren't simulating keyboard strokes, so they absolutely would save you in that case.

AnIdiotOnTheNet5y ago

Its a poor argument for choosing browser extensions over cut & paste because the circumstances where it has an advantage are incredibly specific.

2 more replies

Dylan168075y ago

That depends on how many horrible ideas make their way from phone to desktop.

mikece5y ago

vbezhenar5y ago

iOS have standard API for password managers. There's no reason not to use it.

selykgOP5y ago

Really hoping Apple makes this feature available in macOS so that password managers can hook into it in an official way. Every year I keep crossing my fingers but it never happens.

therealmarv5y ago

And you are gaining that many passwords are not shared with the browser. I rely on in browser password storage (which you can also encrypt e.g. in Chrome) for frequently accessed sites.

I think the separation of concerns outweighs the KeepassXC<->Browser integration part.

If your computer is compromised (meaning occasional copy&paste is not secure) you have WAY more problems than only Keepass and phishing.

voxl5y ago

Auto type is much worse, never use an auto type feature, it can easily fall prey to insertion in hidden input fields.

j / k navigate · click thread line to collapse