[clug] unusual password retention in browser

Eyal Lebedinsky eyal at eyal.emu.id.au
Mon Aug 17 06:58:14 UTC 2015

On 17/08/15 16:23, Michael Ellerman wrote:
> On Fri, 2015-08-14 at 14:59 +1000, Eyal Lebedinsky wrote:
>> I recently noticed a strange thing, where it seems that my password is retailed after being used.
>> Here is the simple scenario
>> - log into my bank with details I have in a file (file-1).
>> - copy+paste access code
>> - copy+paste password
> At this point you could run:
> $ xclip -o

Did not know of this one, and is not on my system (now installed).

> And you should see your password, then:
> $ echo | xclip
> $ xclip -o
> And it should say no string available.

No message, just empty string (actually a newline unless I use 'echo -n')

> Does that help?

Yes, a useful tool.

>> - click login
>>     I am in
> While I'm here I recommend:
> http://www.passwordstore.org/

Had a quick look, it is interesting. As is often the case these days the page provides
no indication of any validity dates. Was it inactive for the last 5 years? I cannot tell...

> Basically a "password manager" that just stores your passwords in gpg'ed plain
> text files.

I use vi with gpg wrapper that attempts to keep things somewhat safe (e.g. no ~ file).

> It also has the feature of clearing the clipboard after a configurable timeout.

This is nice. I will need to see if it also clears other stuff I actually want to keep
in the cb.

> cheers


Eyal Lebedinsky (eyal at eyal.emu.id.au)

More information about the linux mailing list