After realizing how every program running on your machine can Snoop on your clipboard I'm never allowing any program to send my password to the clipboard again.
Haven't you pretty much already lost when you can't trust the programs running on your machine? If they can snoop on your clipboard, they're probably also able to access your sensitive files, log key presses, take screenshots, install browser extensions etc.
Sorry, I must have been very tired last night. This morning, I can't remember (or figure out) which actions I was thinking of when I wrote that.
The only one that still jumps out to me is browser extensions—I'm pretty sure none of the major browsers allow that without user approval within the browser. You'd have to do something nasty which would require root.
>The only one that still jumps out to me is browser extensions—I'm pretty sure none of the major browsers allow that without user approval within the browser. You'd have to do something nasty which would require root.
I've admittedly never tried it, but as far as I understand, installing an extension in Firefox just involves copying the corresponding .xpi file to the profile folder (which is owned by the user, not root) and modifying a few configuration files (e.g. extensions.json). I don't see why some other program wouldn't be able to do that.
If root access were required, you'd have to supply your root password every time you wanted to install an extension.
This is in addition to the fact that Firefox has absolutely mandatory code signing for extensions (the only recourse is to recompile Firefox). That's something I'm very much not happy about, but does have upsides.
I'm far less worried about that than I am about one website breach resulting in my accounts on other sites being compromised.
Perfect security doesn't exist, of course, so somewhere in the middle lies a good compromise that trades off risk and convenience. For me keepass on a synced drive hits the mark.
Not sure what the solution would be if you don't trust local programs - Keepass' paste method already bypasses the clipboard IIRC by entering directly into the fields.