[clug] unusual password retention in browser
Eyal Lebedinsky
eyal at eyal.emu.id.au
Mon Aug 17 06:58:14 UTC 2015
On 17/08/15 16:23, Michael Ellerman wrote:
> On Fri, 2015-08-14 at 14:59 +1000, Eyal Lebedinsky wrote:
>> I recently noticed a strange thing, where it seems that my password is retailed after being used.
>>
>> Here is the simple scenario
>> - log into my bank with details I have in a file (file-1).
>> - copy+paste access code
>> - copy+paste password
>
> At this point you could run:
>
> $ xclip -o
Did not know of this one, and is not on my system (now installed).
> And you should see your password, then:
>
> $ echo | xclip
> $ xclip -o
>
> And it should say no string available.
No message, just empty string (actually a newline unless I use 'echo -n')
> Does that help?
Yes, a useful tool.
>> - click login
>> I am in
>
>
> While I'm here I recommend:
>
> http://www.passwordstore.org/
Had a quick look, it is interesting. As is often the case these days the page provides
no indication of any validity dates. Was it inactive for the last 5 years? I cannot tell...
> Basically a "password manager" that just stores your passwords in gpg'ed plain
> text files.
I use vi with gpg wrapper that attempts to keep things somewhat safe (e.g. no ~ file).
> It also has the feature of clearing the clipboard after a configurable timeout.
This is nice. I will need to see if it also clears other stuff I actually want to keep
in the cb.
> cheers
Thanks
--
Eyal Lebedinsky (eyal at eyal.emu.id.au)
More information about the linux
mailing list