Page 1 of 1

Pasting passwords into browser

Posted: Tue Apr 03, 2018 2:45 pm
by Vincent17
Hello,
I have been using a password manager (fpm2 from PuppyLinux) for years to paste username and password into web sites. Lately, it seems that this is being blocked. Keepass also does not work.

It is claimed that pasting passwords is a security risk (2012); that javascript can reveal pasted text remotely.

On the other hand, having to type the password discourages the use of long random passwords and potentially exposes them to keyloggers. (By the way, I exit the clipboard manager first so passwords don't show up in its history.)

There are workarounds, such as
https://www.ghacks.net/2014/07/26/paste ... -internet/
https://www.cyberciti.biz/linux-news/go ... n-website/.

I have tried "Don't f*** with paste" extension in Vivaldi, and it permits pasting password, but not username for some reason. However, I don't know if I can trust this extension.

I think I've googled this to death, so I'm asking for facts and opinions here, before I switch all my passwords to horse staple battery. (I don't believe that's a long password, but that's another topic!)

Thanks in advance.

Re: Pasting passwords into browser

Posted: Tue Apr 03, 2018 2:56 pm
by Eadwine Rose
I use lastpass in both chrome and firefox. Both paste it and the username in nice and neat.

Re: Pasting passwords into browser

Posted: Tue Apr 03, 2018 3:45 pm
by richb
I use Lastpass as well, and have used Keeper in the past. Passwords are saved in the cloud if that bothers you. Both paste in web pages with no problem. An Open Source solution is bitwarden.

For local storage and "pastability" KeePassXC is available in our Test repo. I have not tried it.

Re: Pasting passwords into browser

Posted: Wed Apr 04, 2018 6:09 am
by Fornhamfred
KeypassX works for me and have had no trouble entering user names and passwords. Also can be used in Android.

Re: Pasting passwords into browser

Posted: Wed Apr 04, 2018 10:41 am
by Vincent17
Thanks for the suggestions. I had tried kee-something before and it behaved like fpm2; I saw so much discussion of this on web sites that I assumed it was a general problem. Richb guessed right, I'm cloud-phobic, so I did not try lastpass. Keepassxc works as promised, though, so it's getting a trial period. Boy, did I have fun converting fpm2's xml export file into csv format!

FWIW, observations so far: The option to clear clipboard after 10s does not clear clipit history. Paste operations work without clipit. No option to change browser? e.g. firefox --private