Bug 470123

Summary: Hide clipboard entries that are likely to be passwords
Product: [Plasma] plasmashell
Reporter: Miguel Guthridge <hdsq>
Component: Clipboard widget & pop-up
Assignee: Plasma Bugs List <plasma-bugs>
Status: RESOLVED INTENTIONAL
Severity: wishlist
CC: nate
Priority: NOR
Version: master
Target Milestone: 1.0
Platform: Fedora RPMs
OS: Linux
See Also: https://bugs.kde.org/show_bug.cgi?id=156547

Description Miguel Guthridge 2023-05-22 12:48:46 UTC
When passwords and other sensitive information (such as credit card numbers) are copied, there is a risk that users could inadvertently share them with others by opening their clipboard history.

This risk could be reduced by displaying text that is likely to be a password as a series of dots (e.g. "MyPassword123&" could be displayed as "•••••••••••••• (password)").

Ideally, we could also provide a "peek" button in the clipboard picker to allow users to inspect the copied contents before selecting it.

I don't know a huge amount about how the clipboard works, but if it's also possible to add metadata to copied text saying "this is a password", that could be another trigger for Klipper to hide the contents.

I'm not an expert at C++, but it could be fun to try to tackle this myself if people like the idea.

Comment 1 Nate Graham 2023-05-22 20:54:42 UTC
But how could we detect that something is likely to be a password or a credit card number? Any heuristic we could implement would be either so inaccurate as to be useless, or so over-broad as to trigger at a lot of inappropriate times. I don't think that would work, sorry.

As you suspected, there is already a supported way for apps--which know whether something is a password--to provide a hint to Klipper to not display the text. They need to set the "x-kde-passwordManagerHint" metadata hint in the MIME data for the copied text. So IMO the path forward is for apps to set that on known-sensitive data when it's copied.
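
The hint mechanism described in Comment 1, as an added example that is not part of the original report and is not Klipper's or any application's code: a standard-library C++ model of both sides, where the copying app attaches "x-kde-passwordManagerHint" and the clipboard history consults only that hint. Assumptions: the hint value `secret` (not stated in this report), the `MimeData` map standing in for Qt's MIME data object, the hypothetical names `makeOffer`, `isFlaggedSecret`, `History` and `demoHistory`, and the choice to model "not display" as never storing the entry.

```cpp
#include <map>
#include <string>
#include <vector>

// A clipboard offer modelled as MIME format -> payload (stand-in for Qt MIME data).
using MimeData = std::map<std::string, std::string>;

const std::string kHintFormat = "x-kde-passwordManagerHint";
const std::string kHintSecret = "secret";  // assumed value; not stated in the report

// Producer side: the app knows whether the copied text is sensitive and says so.
MimeData makeOffer(const std::string &text, bool sensitive) {
    MimeData offer{{"text/plain", text}};
    if (sensitive) offer[kHintFormat] = kHintSecret;
    return offer;
}

// Consumer side: true when the source app flagged the offer as a secret.
bool isFlaggedSecret(const MimeData &offer) {
    auto it = offer.find(kHintFormat);
    return it != offer.end() && it->second == kHintSecret;
}

class History {
public:
    // Returns true when the offer was stored. The text itself is never inspected.
    bool record(const MimeData &offer) {
        auto text = offer.find("text/plain");
        if (text == offer.end() || isFlaggedSecret(offer)) return false;
        entries_.push_back(text->second);
        return true;
    }
    const std::vector<std::string> &entries() const { return entries_; }
private:
    std::vector<std::string> entries_;
};

// Constructed sample input: the outcome follows the hint, not how the text looks.
std::vector<std::string> demoHistory() {
    History h;
    h.record(makeOffer("meeting at 10:30", false));      // unflagged: kept
    h.record(makeOffer("MyPassword123&", true));         // flagged by the app: dropped
    h.record(makeOffer("correct horse battery", true));  // looks like prose, flagged: dropped
    h.record(makeOffer("Xk9#vQ2!pL", false));            // looks like a password, unflagged: kept
    return h.entries();
}

int main() { return demoHistory().size() == 2 ? 0 : 1; }
```

The last sample entry is the case the hint cannot cover: text copied from an app that does not set it is stored like any other entry.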