My new Android 8.1 smartphone has a 7-entry clipboard stack. When a new item is placed on the clipboard, instead of replacing the current clipboard entry, the new entry is placed onto the bottom of the stack and pushes the current contents of the clipboard up the stack.
When KeeFox automatically attempts to clear the clipboard after copying a password, it does so by copying a meaningless string (***
) into the clipboard. In earlier Android versions with a 1-entry clipboard, the meaningless string would replace the copied password in the clipboard, effectively erasing it from memory.
But in the new version of Android with the 7-place stack clipboard, the meaningless string only pushes the copied password up the stack, and it remains there until the phone is rebooted, or until 6 more items are copied into the clipboard, or until the clipboard entry is manually deleted using the clipboard manager.
Here’s an easy-to-implement solution to this security risk: Instead of copying the meaningless string (***
) into the clipboard when it’s time to erase the copied password, why can’t KeeFox copy that meaningless string into the clipboard 10 times (or 20 times or 100 times)? As long as the string is copied at least as many times as there are spaces in the clipboard stack, doing so will have the effect of removing the previously copied password from the clipboard stack. Perhaps there can be an user setting in KeeFox for the number of times to copy the meaningless string, and it can be set to 1 for old-style flat clipboards or to anything >1 for stacked clipboards (7 in my case).
Copying the meaningless string more than once would be computationally trivial, unless it’s done thousands of times.
How about it? Can this be implemented? Having to remember to erase the password from the clipboard stack every time is a pain in the neck and a huge security risk. I know copying passwords into the clipboard is a security risk in the first place, but the key to limiting that risk is limiting the amount of time the password persists in the clipboard.