Why You Should Never Copy-Paste Your Passwords


Everyone knows that a password input field (login field) also accepts copy and paste, and this is the biggest security failure of the internet era. If you think you are smart enough that a hacker can't hack you, you should probably give it a second thought. Sometimes little mistakes can be highly devastating, and there is no shame in admitting that we all make mistakes and are careless at times.


You will never hear any security personnel or any website say they are hack-proof, because the truth is that there is no such thing as hack-proof, but the noobs just don't admit it. Hackers have been successfully phishing bulk credit card data, social security numbers and, of course, your online identity with very simple tricks.

Do you know that every company, big and small, has a hacking history? Yes, and these companies include Twitter, Google, Microsoft and also NASA. Of course, you can check that for more information if you want. And remember, no one is safe here; if you think you are smart enough, buddy, you are at big risk.

Now let's get back to our topic. Almost every one of us does copy-paste work, right? Isn't it so simple to just press Ctrl+C (copy in Windows) to copy and Ctrl+V (paste in Windows) to paste? We are all so used to it that we even copy-paste our passwords into login fields. Some are so lazy that they can't even type their 8-character password, and that's where the biggest risk comes in. Believe me, it's not at all safe. Actually, it doesn't really matter how complex or long your password is: if you use copy and paste to enter a password in a browser such as Internet Explorer, then you are at big risk, my dear.

Most of us are active on many websites, including social networks, and for good reasons we set up different passwords (which is a good thing). But gradually it becomes tedious to remember so many passwords, and we end up creating an Excel sheet or text document of our passwords, and later we just copy and paste whenever required. So we finally make that small mistake, which is enough for the cyber criminals.

How Is This Possible?
When you copy any data on your PC, including big files such as movies, it gets stored in the clipboard (on your system), and this clipboard data is accessible from the internet with simple JavaScript and can then be stored in a database using any server-side language. That means your friend sitting at a PC far away from you can access any data that you have copied using simple JavaScript. Yes, it is a very simple yet effective trick to steal data (personal information) without authorization.

Try it yourself!

Works only on Internet Explorer

Step 1: Copy any random text from this page or from your PC.
Step 2: Open Internet Explorer 6 and go to http://www.hacker9.com/your-clipboard-data
You will see your last clipboard data in the message box. Surprised? You shouldn't be.
If you are using Internet Explorer 8, you will be asked to choose whether or not you want to allow the webpage to access your clipboard data.

The clipboard-hacking JavaScript for IE

<script language="JavaScript">
// IE-only: read the current clipboard text through the global clipboardData object
var content = clipboardData.getData("Text");
// Show what was read
alert(content);
</script>

This script works only on Internet Explorer, and not on Mozilla Firefox or any other browser, but this doesn't mean that you are safe. There are scripts for those too. For security purposes I have not listed the other scripts.

As you saw, it successfully displayed your last copied text. It is also possible to save that data in a database on another server, where a hacker can easily access it later. This test proves how unsafe it is to work with Ctrl+C while you are online. Hence, do not keep sensitive data, such as passwords, credit card numbers, bank account numbers, PINs, ATM codes, etc., in the clipboard while surfing the web. It is extremely easy to extract the text stored in the clipboard to steal your sensitive information.
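A defender's check for the pattern shown above, as an added example that is not part of the original article: this Node.js code scans a page's inline scripts for `clipboardData.getData` calls and separates reads of the global object (the IE script above) from reads on an event object handed to a paste handler. The sample HTML, the function names and the risk labels are constructed for illustration.

```javascript
// Added example: classify clipboardData.getData() calls found in inline scripts.

// Constructed sample page (assumption, not a real site). Script 0 repeats the
// article's pattern; script 1 only sees data the user chose to paste.
const SAMPLE_HTML = `
<script>
var content = window.clipboardData.getData("Text");
alert(content);
</script>
<script>
document.addEventListener("paste", function (e) {
  var pasted = e.clipboardData.getData("text/plain");
  console.log(pasted.length);
});
</script>`;

// Bodies of inline <script> elements, in document order.
function inlineScripts(html) {
  const re = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  const bodies = [];
  let m;
  while ((m = re.exec(html)) !== null) bodies.push(m[1]);
  return bodies;
}

// Report each clipboardData.getData( call and the object it is called on.
function auditClipboardReads(html) {
  const call = /(?<![\w$])clipboardData\s*\.\s*getData\s*\(/g;
  const findings = [];
  inlineScripts(html).forEach((src, scriptIndex) => {
    let m;
    while ((m = call.exec(src)) !== null) {
      const before = src.slice(0, m.index);
      const own = /([\w$)\]]+)\s*\.\s*$/.exec(before);
      const owner = own ? own[1] : null;
      // Bare, window.* or self.* means the page-wide object that needs no paste.
      const isGlobal = owner === null || owner === "window" || owner === "self";
      findings.push({
        scriptIndex,
        line: before.split("\n").length,
        owner,
        risk: isGlobal ? "global-read" : "scoped-read",
      });
    }
  });
  return findings;
}

console.log(auditClipboardReads(SAMPLE_HTML));
```

A "global-read" finding is the one to review; a "scoped-read" on a paste event only receives what the user pasted into that page.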

Protection for IE users:
To avoid clipboard hijacking, do the following:

  1. Go to Internet Options and Security.
  2. Press Custom level.
  3. In the security settings, select Disable under "Allow paste operations via script".

Now the contents of your clipboard are safe.
Please forward this article to as many friends as you can to make them aware of this issue.

Thanks to Amol Bharti, Security Researcher. Visit him at amudee.com

Article by Ashwin Shahapurkar

[Founder] - Quiet type and creative guy who enjoys creating and exploring new trends on the Internet. He's currently pursuing a B.E. in "Information Technology".
  • http://www.aksindiblog.com Aswani

    Ashwin..yet another useful and informative post. I have been doing the same a lot these days. Simply copying and pasting passwords for easy login but it certainly looks dangerous from the way you have described it in your article. Will keep it in my mind forever. Thanks buddy…Keep writing and informing :)

  • http://knowsomethingabout.blogspot.com/ Seenu

    I'm using Windows 7. When I followed your trick, a warning message popped up, asking whether or not to allow Internet Explorer to access the clipboard.
    If I say 'no' it won't show.
    So nothing to worry about unless we click 'yes'.

  • vijay

    Just like you described the protection for IE, is there any protection that we can set up for other browsers like Firefox/Chrome? Because mostly these are the browsers that are used... IE is seldom used.

  • Water Duck

    I preferred to send myself an email with an innocuous title and which I saved along with a few other emails.
    I’ve been copying and pasting from that email for years.

  • Concerned Citizen

    Your grammar and punctuation suck.

  • Kaligus

    As an IT professional I have found it is far safer, easier, and more effective to teach people to ALWAYS clear their clipboard by copying useless text after a password paste, use a different password EVERYWHERE, remembered using a password safe program, randomly generated, and as long as possible.

    "If you can remember your password it is insecure" is still far more effective than reverting to a short, easy-to-remember password that is the same everywhere.

    Let's say company "a" gets hacked and their password list is compromised; everyone who has remembered their short, easy-to-remember password now needs to change their password everywhere to be safe.

    Asking most people to use a password safe and not copy/paste is about the same as asking a child not to go nuts in a candy store; not asking people to use a password safe is making the job of miscreants easier because they only need to hack one company and they have a large useful cache of passwords.
