Clear password from clipboard after 60 seconds #140
Description
In contrast to pass, browserpass will not clear the contents of the clipboard some time after a password has been copied. Even though the robust auto-filling logic should keep use of this feature to a minimum, it is still potentially dangerous to keep passwords in the clipboard for longer than the user remembers (in my case, sometimes less than a minute ;-)). It would thus be great to have browserpass clear the password automatically after some time.
I believe that it could even be possible to implement this feature without providing any options, simply by making it get out of the way of the user as much as possible. Taking some ideas from pass, it could for example be done this way:
Implementation
- When the user copies a password, create a new one-shot chrome.alarm named
alarm-<password>that will clear the contents of the clipboard after one minute (shortest time possible) if the contents are equal to<password>. Alternatively, if exposing the password to even more browser APIs is not wanted, replace<password>by<drastically truncated hash>. - If the user copies a new password (maybe the same one, who knows?) within the minute, clear the currently set alarm (if any) before creating a new one.
It is also possible to reset the clipboard to its previous contents instead of clearing it. I personally have never liked that feature, as it is tough to figure out what the contents are after some time without trying to paste them, which somewhat defeats the purpose of the feature. Furthermore, if the user copies multiple passwords right after each other, this approach would leave one of the earlier ones in the clipboard in the end.
I would be glad for feedback on both the general feature and the concrete implementation. Maybe we can figure out something that "just works" and can be added without getting on anyone's nerves.