[cornstalks]

How do you work with these terminal-based password managers? Request the password (à la `passbox get facebook`) and then copy 'n' paste it into the website?

Are there any security concerns of the password being in the clipboard/memory (beyond the obvious of accidentally pasting it)?

[RobBollons]

That's definitely a way of using it, another is to just manually type it in as you see it and clear the terminal buffer afterwards. If you do use your clipboard it does require a certain amount of due diligence in making sure you empty it afterwards if you're concerned about that as a security risk. It would be easy enough to create a simple script that could copy it to your clipboard and then clear the clipboard after a time delay.

It would be possible to construct an attack using Flash to access a users clipboard form a web browser.

I know a lot of people like to have browser plugins for password managers but i always feel uncomfortable using them because i don't understand enough about the technology to trust that it wont be vulnerable.

[sasvari]

It would be easy enough to create a simple script that could copy it to your clipboard and then clear the clipboard after a time delay.

pass [0] (see comment above [1]) claims to do that:

  show [ --clip, -c ] pass-name
       Decrypt and print a password named pass-name. If --clip or -c is specified,
       do not print the password but instead copy the first line to the clipboard
       using xclip(1) and then restore the clip‐board after 45 (or
       PASSWORD_STORE_CLIP_TIME) seconds.

[0] http://www.passwordstore.org/

[1] https://news.ycombinator.com/item?id=10190719

[RobBollons]

Clipboard integration probably isn't something i would look to add to passbox myself, but if someone can find a way to get it to work nicely cross platform and submit a PR then i would likely merge it.