Here is Why You Should Never Copy-paste Your Passwords

Most of us have a habit of storing login credentials for each website in a text file or in notes app on our device and whenever we want to login to any website, we conveniently copy the username or password and paste it into login form fields of the website we want to access.

Of course, a lot of websites do restrict the copy-pasting of passwords in the login fields; however, a large majority of websites do allow the copy-pasting of login credentials, and this is where it gets dangerous. The situation can easily turn disastrous if someone sitting on the other side of the world could sniff your password that was stored on your clipboard when you copied it.

why you should never copy-paste your passwords

You will never hear any security personnel or website owner say they are completely hack-proof, because the truth is, there is nothing called hack-proof, and the noobs just don’t admit it.

The hackers have been stealing credit card data, social security numbers, and, of course, your online identity with very simple yet powerful techniques like phishing.

Do you know that most of the popular companies have a hack history? Yes, companies like Twitter, Facebook, Google, Microsoft, and even NASA have faced terrible hacking attacks. No matter what security software or firewall one is using, nobody is 100% hack-proof, and so you are.

Now let’s get back to the topic we are discussing here. Almost everyone of us is good at copy-paste work, right? Isn’t it so simple? Just press Ctrl+C to copy and Ctrl+V to paste. So much so that we even copy-paste our password in the login fields, and that’s where comes the biggest Risk.

Believe me, it’s not at all safe, and actually, it doesn’t really matter how complex or large your password is. If you use the copy-paste option to enter a password using any browser, such as Internet Explorer, then you are at a big risk, my dear.

Most of us are active on many websites, including social networks, and as a best practice, we use different passwords on each website. But gradually, it becomes tedious to remember so many passwords, so we end up creating an excel sheet or text document of our passwords, and later we just copy-paste whenever required. So we finally make that small mistake, which is enough for the cybercriminals.

How is this possible—stealing clipboard data?

When you copy any data on your device, like text or media files, it gets stored on the clipboard, and this clipboard data is accessible from the internet with simple JavaScript and can be further stored on a server.

It’s a very simple yet effective trick to steal unauthorized data. That means your friend sitting far away from you on a different device can access any data that you have copied on your device using simple JavaScript. Yes, it is a simple yet effective trick to steal unauthorized data (personal information).

Try it yourself!

It works only on Internet Explorer

  1. Copy any random text from this page or from your PC.
  2. Open Internet Explorer browser and go to

You will see your last clipboard data in the message box. Surprised?,. You shouldn’t be. If you are using the latest version of Internet Explorer, you will be asked to choose whether you want to allow the webpage to access your clipboard data or not.

The clipboard hacking JavaScript for Internet Explorer

<script language=”JavaScript”>
var content = clipboardData.getDataundefined”Text”);>
alertundefinedcontent);
</script>

The script works only on Internet Explorer and not on other browsers like Chrome, but this doesn’t mean you are safe. Most modern browsers, like Chrome, Firefox, etc., support extensions or addons. These are extra pieces of code that you can install in your browser to extend functionality. These extensions can easily see and copy your clipboard data.

As you have seen, the script above has successfully displayed your last copied text. It is also possible to save or send that data to a hacker’s server and access it later on.

This test proves that it is totally unsafe to copy-paste passwords or any other sensitive data like credit card details, bank details, etc. in the browser since it is extremely easy to extract the text stored in the clipboard to steal your sensitive information.

Protection for IE users:

To avoid clipboard hijacking, do the following:

  1. Go to “internet options and security.”.
  2. Press “custom level.”.
  3. In the security settings, select disable under “Allow paste operations via script.”.

Now the contents of your clipboard are safe. Please forward this article to as many friends as you can to make them aware of this issue.

Related posts:

  1. How to create fake Facebook login page
  2. How to hack Instagram account password
  3. Create your own VPN server
  4. Best cell phone spy app

Ashwin S

A cybersecurity enthusiast at heart with a passion for all things tech. Yet his creativity extends beyond the world of cybersecurity. With an innate love for design, he's always on the lookout for unique design concepts.