Password manager

I'm using keepass too. Though I'll repeat my warning from the other thread: the auto-type feature (in keepass 1.x) is NOT keylogger safe. The developers recommend using Drag&drop or Copy to clipboard if you're worried about keyloggers.

The Copy to clipboard feature is supposedly moderately safe from clipboard sniffers since it doesn't alert other apps that the clipboard has been updated. Yesterday I tried to check that out, so I just wrote a simple ahk script that pops up a message whenever the clipboard is changed. Turns out it could sniff out the password from the clipboard just fine.

I'm gonna contact the developers for an explanation/fix, but for now I'm using drag&drop wherever it's possible.

04-19-2008 06:26 AM #5
Halv View Profile View Forum Posts Private Message View Blog Entries pro crastinator Join Date Aug 2005 Posts 3,196 Location No hindsight for the blind.	I'm using keepass too. Though I'll repeat my warning from the other thread: the auto-type feature (in keepass 1.x) is NOT keylogger safe. The developers recommend using Drag&drop or Copy to clipboard if you're worried about keyloggers. The Copy to clipboard feature is supposedly moderately safe from clipboard sniffers since it doesn't alert other apps that the clipboard has been updated. Yesterday I tried to check that out, so I just wrote a simple ahk script that pops up a message whenever the clipboard is changed. Turns out it could sniff out the password from the clipboard just fine. I'm gonna contact the developers for an explanation/fix, but for now I'm using drag&drop wherever it's possible.

Reply With Quote

Password manager

Thread Tools

Search Thread

Display

Threaded View

Posting Permissions