Learn how to receive a bit more security from the Enpass Password Manager, by changing the clipboard timeout.
The Enpass password manager has become my go-tool tool for managing one very important aspect of device and account security. I use Enpass on Linux, Android, and macOS. And because I use the built-in password manager, the vast majority of my passwords cannot be memorized (at least not without an eidetic memory or spending far too much time repeating those passwords). Some of the passwords are so complex, even trying to type as I read them from the Enpass app can lead to failure after failure. Because of this, I tend to use the copy feature nearly every time. However, using that feature can lead to security issues. Why?
To answer that question, let's first consider the copy function on the mobile version of the app. Once you've pasted a copied password, it is removed from the clipboard. In other words, that password isn't remembered.
SEE: Information security policy template download (Tech Pro Research)
Why the desktop app is a security risk
On the desktop app, this is not the case. On the desktop version, if you copy a password, and paste it, the password isn't automatically jettisoned from memory. In fact, out of the box, that password is remembered for 30 seconds.
For some, that's a pretty good amount of time to get to the app awaiting the password. For others, however, the copy and paste action happens in just a few short seconds. That means you might wind up with a password remaining in memory for 20-25 seconds.
What if you copy that password and immediately step away from your desktop? There's still enough time for someone else to paste that password into an email and send it on. And because that password can be copied in plain text, it's not hidden from sight.
How do you remedy that? Fortunately, the Enpass desktop client allows you to change the clipboard timeout. To do so, open Enpass and click on the gear icon. From the menu, click Security. In the resulting window, change the Clipboard timeout to a more reasonable number (say five or 10 seconds). Once you take care of that configuration, you won't need to worry about the password remaining in memory for longer than necessary.
This may sound like an unnecessary measure to take, but when it comes to the security of your accounts, every little step forward is important.
- How to cloud-enable Enpass Password Manager (TechRepublic)
- How to install password manager Enpass and sync it with your Google Drive account (TechRepublic)
- Password managers: A cheat sheet for professionals (TechRepublic)
- How to enable LastPass to save passwords for Android Oreo autofill (TechRepublic)
- The reason why 'ji32k7au4a83' is a common and terrible password (ZDNet)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- The best password managers of 2019 (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)