Bug 508326

Summary: Klipper should handle copied passwords with special password hint MIME type in a clearer way
Product: [Plasma] plasmashell Reporter: michaelk83 <mk.mateng>
Component: Clipboard widget & pop-upAssignee: Plasma Bugs List <plasma-bugs>
Status: CONFIRMED ---    
Severity: wishlist CC: 4wy78uwh, mk.mateng, nate, qydwhotmail, ricardo
Priority: NOR Keywords: usability
Version First Reported In: 6.3.4   
Target Milestone: 1.0   
Platform: Other   
OS: Linux   
See Also: https://bugs.kde.org/show_bug.cgi?id=156547
https://bugs.kde.org/show_bug.cgi?id=505596
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description michaelk83 2025-08-16 09:51:06 UTC 
SUMMARY
When text is copied with x-kde-passwordManagerHint, the copied text does not show up in the Klipper widget. This is intentional to protect the sensitive password text, but as demonstrated by bug 505596, it's confusing to users, particularly when trying to copy-paste passwords from KWalletManager (or from other password managers that support x-kde-passwordManagerHint).

STEPS TO REPRODUCE
1. Copy a password from KWalletManager.
2. Observe that it doesn't show up in the Klipper widget.
3. (Try pasting it elsewhere - that should still work regardless.)

OBSERVED RESULT
Password does not show up in the Klipper widget (intentionally), but can still be pasted elsewhere.

EXPECTED RESULT
Some better options for Klipper:
 - Display the password with a timeout counter (e.g. 10-15 sec), delete it when the timer runs out.
 - Display the password, but delete it when new text is copied (don't keep in history).
 - Display an entry for the password, but hide the text with dots or asterisks by default. Maybe allow the user to reveal it (eye icon). A reveal icon is convenient, but not mandatory, since the user can still paste the password where it's actually needed.

In any case, steps should be taken to prevent the copied password from ending up on disk unencrypted.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: e.g. Kubuntu 25.04, probably others.
KDE Plasma Version: 6.3.4
KDE Frameworks Version: 6.12.0
Qt Version: 6.8.3

ADDITIONAL INFORMATION
KWalletManager sets the x-kde-passwordManagerHint since version 24.08.0. See bug 156547 and the linked MR therein. A complementary update is needed in Klipper to reduce user confusion.
Comment 1 Roke Julian Lockhart Beedell 2025-08-16 10:18:26 UTC 
(In reply to michaelk83 from comment #0)

> Display the password with a timeout counter (e.g. 10-15 sec), delete it when th
> timer runs out.

All I suggest is don't do this one – it'd be stressful for anyone with a movement difficulty.
Comment 2 Nate Graham 2025-08-18 20:24:08 UTC 
Yeah, agreed. I'd go with option #3.
Comment 3 Ricardo J. Barberis 2025-08-19 16:14:15 UTC 
Hi!

I don't know the internal workings of Klipper so I'm not sure hiding the password is actually more secure.

But please, add an option to disable that behaviuor and keep the password in Klipper and visible (e.g. ignore x-kde-passwordManagerHint completely).
Even a hidden option that we have to set in a config file would be OK by me, so as to prevent people inadvertently activating it and exposing their passwords.

I don't know if my use case is common but I keep a tidy Klipper and delete entries when I'm done with them (especially passwords), so this default behavoiur is pretty invasive to my workflow.

Thanks