Skip to content

How can we improve Proton Pass or Authenticator?

← Proton Pass & Authenticator
That idea has been deleted

Make text from ProtonPass web browser extension private

Clipboard managers have internal functions that tells them not to remember stuff copied from certain sources, which is the behaviour we'd want from whatever comes out of password managers.

Unfortunately, the copied text coming out of the ProtonPass web browser extension (at least on Firefox) is plain text and my clipboard manager remembers it forever in its memory, which is not ideal for security. (I'm using Pasteboard Viewer to check the type of text that is stored in the clipboard.)

Apparently, there is a way to tag text as sensitive from browser extensions: this was reported in an issue on the repository of a clipboard manager (https://github.com/p0deje/Maccy/issues/561), and its developer suggested the browser extension developer to implement http://nspasteboard.org/ standards. Once the extension developers properly tag the copied text from a password manager extension, Maccy will recognize it and handle it approprietly.

It would be great if this could be implement in ProtonPass.

67 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

vroni shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • W. commented  ·   ·  Report

    This needs a fix, but might be very tricky since an OS clipboard function is used.
    What is the experience with the competitors? (and the diferent platforms)
    Or do they have the same problems?
    At least make people aware of the risks/differences per platform.
    Then people can consider to manually type a prefix or suffix to the password on sensative logins.But then again, keyloggers do exist as well.

  • Eddieb commented  ·   ·  Report

    I just realized this by chance. Big security issue. There's many passwords in my clipboard manager (Paste on Mac) from copying them from Proton Pass because Proton Pass's option to delete copied passwords after a designated amount of time doesn't extend to clip board managers.

  • Paguro commented  ·   ·  Report

    Implement a pasteboard type to tell clipboard apps to also ignore content from the browser extension and website to prevent apps storing sensitive credentials.

  • Poly Ester commented  ·   ·  Report

    Proton Pass has a security flow.
    If you are using a copy/past tool that remembers the last n copies (I use Jumpcut on OSX) when copying a password from Proton Pass, that password is going to be in clear in the copy/past tool.
    The fact is that 1Password does not have this flow. I don't know how they do it, buy a copied password or anything else is not saved in other applications reading the clipboard. I can paste it in a webform of course (limited time to do so).

  • User commented  ·   ·  Report

    Yes, abysmal that this is the case with Paste for macOS.

  • Guilhem commented  ·   ·  Report

    ^ This, I wonder why it hasn't been set as top priority for Protonpass. Just do not store my passwords into clipboard history.

  • Morgan commented  ·   ·  Report

    There is the same problem on Windows with the clipboard history.

  • Nicola Jelmorini commented  ·   ·  Report

    With the KeePassXC app, when I copy for instance the user or the password fields, the values are not stored in the clipboard manager of my system. In my case Klipper for KDE Neon Linux OS.
    This is useful for improving the securitiy of my logins.

Proton Pass & Authenticator: Changes to existing features

Categories

Feedback and Knowledge Base

(thinking…)