You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
keepass2 (and specifically keepass2android) both implement this. Keepass2android uses its own keyboard to copy/paste, which bypasses any attempt by malicious apps to read the clipboard.
A German research team has demonstrated that most clipboard-based access of credentials as used by most Android password managers is not safe[1]: Every app on your phone can register for changes of the clipboard and thus be notified when you copy your passwords from the password manager to your clipboard. In order to protect against this kind of attack, you should use the Keepass2Android keyboard: When you select an entry, a notification will appear in the notification bar. This notification lets you easily switch to the KP2A keyboard. This is a simple keyboard with an important key: click the Keepass2Android symbol to "type" your credentials. Click the keyboard key to switch back to your favorite keyboard.
curious on the status of this, a year later. Was this added and this issue just wasn't closed? This is a pretty important security issue for Android Password managers.
edit:
There's a discussion about Android security going on right now on Hacker News where the top comment brings up the clipboard issue again. This issue is huge and is making me already plan on switching to KeePass and Keepass2android.
For desktop, this will be trivial.
For mobile, I might need to modify the clipboard plugin(s) to allow background access...
The text was updated successfully, but these errors were encountered: