[LINK] Disable clipboard for password input

Kim Holburn kim at holburn.net
Mon Jun 30 10:08:50 AEST 2014


If you use firefox get this extension:

Disable clipboard manipulations
https://addons.mozilla.org/en-US/firefox/addon/nocopypaste/

About this Add-on

No configuration required, the extension is immediately active after installation. Web pages will no longer be able to listen to copy, paste and cut events to learn what you are copying or pasting, they won't even know that you do it at all. And they won't be able to interfere to push unwanted content to your clipboard when you copy text.

There are legitimate uses for these events (online editors) but these are irrelevant for most people. It is unlikely that you will ever notice the  functionality loss.



On 2014/Jun/30, at 8:48 AM, Paul Bolger wrote:

> My mobile phone company recently redid their website. When I tried to
> log in to the new site - using my normal method, copy and paste the
> password out of KeepassX - I discovered that they have disabled
> clipboard access to the password input field via javascript.
> 
> I rang them up and the person on the other end told me that this was
> intentional and had been done for security reasons. I asked if he was
> aware of anyone else who had taken this step as I had never
> encountered it before (actually, I think I may have, but that was back
> in the 90s). He named some obscure gaming site.
> 
> It seems to be that disabling the pasting of passwords could only
> really have a bad effect on security. I can see no mechanical benefit,
> a keylogger is going to be just as good at recording a manually keyed
> password as a pasted one, and forcing users to key in their password
> just about guarantees worse passwords.
> 
> Can any linkers think of a reason why doing this would be a good idea?
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request 







More information about the Link mailing list