"One shot" or expirating copy paste

atanere said:
If you have a keylogger stealing your auto-type, you've already been hacked.
Click to expand...
How could that happen?
I'm under impression a malware can't access internals of a password manager, unless it can grab password from login form as it's auto-typed?
 


Let me refer back to the KeePass link I gave earlier...

KeePass 1.x Only
No.The Auto-Type feature has been designed in a way that it's impossible for target applications to distinguish real keys from auto-typed ones. This on the one hand has the advantage that the feature is really compatible with all applications out there. On the other hand, the auto-typed keys can of course be logged by keyloggers.If you worry about keyloggers, you have to use one of the other methods (drag&drop, copying to clipboard, KeeForm, ...).
Click to expand...

KeePass 2.x Only
By default: no. The Auto-Type method in KeePass 2.x works the same as the one in1.x and consequently is not keylogger-safe.

However, KeePass features an alternative method called Two-Channel Auto-Type Obfuscation (TCATO),which renders keyloggers useless. This is an opt-in feature (because it doesn't work with all windows) and must be enabled for entries manually.See the TCATO documentation for details.
Click to expand...

I can't say that Password Safe has this same deficiency, but it may. It's been a long while since I used PSafe, but I remember it to be very similar to KeePass.

I would note in the first quote above that it also suggests using drag-and-drop and the clipboard as an alternative to auto-type if keyloggers are a risk. KeePass can do drag-and-drop, but KeePassXC cannot, if I'm not mistaken. I don't know about PSafe. I'm not really sure that drag-and-drop is any different than copy/paste, but maybe so.
 
atanere said:
I would note in the first quote above that it also suggests using drag-and-drop and the clipboard as an alternative to auto-type if keyloggers are a risk.
Click to expand...
Clipboard is surely the worst option or not an option at all, but drag&drop I think is no different than auto-type, one is manual method another is auto.

pwsafe has drag&drop.

But now I think I'm going to research more about how can drag&drop and auto-type be deficient, didn't know that, so thanks for letting me know!
 
I'm gonna go learn a little more too... I already have. :)

I've downloaded PSafe, so I'll be sure to give it a go shortly. KeePass is my usual (using drag-and-drop). Cheers.
 
You must log in or register to reply here.

Similar threads

MikeRocor
clipboard / copy / paste
Replies
11
Views
1K
Egzoset
Egzoset
M
  • Locked
copy and paste problems
Replies
19
Views
4K
wizardfromoz
wizardfromoz
Jarret B
Python Series Part 8: Data Structures
Replies
0
Views
2K
Jarret B
Jarret B
Jarret B
Installing and Using DOSBox-x on Linux
Replies
0
Views
6K
Jarret B
Jarret B
Sherri is a Cat
The Neighbor, Horses, Cats and One Witch
Replies
1
Views
923
The Duck
The Duck


Members online

Total: 992 (members: 5, guests: 987)

Latest posts

Top