3 replies to this topic

[Aegis Kleais]

For those who have random characters for passwords (generated by random password generators) it would be nice if the game supported the ability to paste from the clipboard rather than require the password to be put in manually.

Hopefully the user won't have to choose between a secure password and ease of logging in.

[Xarian]

If you're copy-pasting your password: it isn't secure, no matter how random you think it is.

[Aegis Kleais]

That doesn't make any sense. How is copy/paste insecure?

• I use a tool that creates randomized variable-length password generation, making the password strength as high as possible. Compare this to other users whose passwords can be guessed often enough through social engineering.
  
• I use a tool that immediately clears the OS' clipboard after a paste attempt.
  
• In the event the PC was compromised with a keylogger, no keys beyond the pressing of the keyboard sequence to copy the encrypted password into the clipboard would be captured. To counter this, latest anti-virus and anti-malware is maintained on the machine. And with the understanding that this isn't a 100% guarantee, it is still putting the user at a better state of protection than to be without it.
  
• The application is responsible for encrypted authentication processing, so whether the password was pasted in or typed in manually, from that point forward, it is outside the control of the user.
  
• The PC is not only secured physically, but is a single-user machine.

So where, exactly, does the insecurity lie in the above processes?

[Adamski]

Either the file where you store the passwords is unsecure, or it is vulnerable to the exact same social engineering that standard passwords are.

Not to mention how having all your passwords stored in a file will restrict you to carrying that file with you for mobile access.

But if that is how you choose to spend your time, all the power to you.