Clipboard History was introduced in Windows 10 1809. Basically it keeps a history of all your clipboard items, and you can even sync them across devices. Which is really cool!
Many people use password managers, and many IT departments use password managers or some sort of safe storage to secure sensitive passwords, like “break the glass” domain admin passwords. So how does a password manager work with Clipboard History? In this example I used Password Safe, which tells us it will securely delete the password when you close the app. Most password managers do that.
What it really does is just copy blank text to the clipboard, and that works just fine if we haven’t turned on Clipboard History. If Clipboard History is turned on, we can see all the passwords copied and the blank entry that Password Safe created to wipe the password from the clipboard history. Pressing Windows logo key + V will display the password history.
So before using this cool new feature, it is a good idea to inform our users about how it works: they can use it, but if they copy something sensitive, they can delete it. The same goes for admin workstations; maybe it is better to turn it off there?
The registry key that controls clipboard history is: HKU\Software\Microsoft\Clipboard\EnableClipboardHistory
We can put that in a Group Policy preference for example to make sure it is turned off.
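To check the setting on a workstation before (or after) the policy applies, the following PowerShell sketch reports the Clipboard History state for each user hive loaded under HKEY_USERS. It is an added example, not part of the original post. It assumes the value lives per user at `HKU\<SID>\Software\Microsoft\Clipboard` as a DWORD named `EnableClipboardHistory` (1 = on, 0 = off), and the `-Disable` switch is a hypothetical name chosen for this example.

```powershell
# Added example: audit, and optionally turn off, Clipboard History for every
# user hive currently loaded under HKEY_USERS. Run elevated to reach the
# hives of other logged-on users.
param(
    [switch]$Disable   # hypothetical switch: when set, writes 0 to the value
)

$results = foreach ($hive in Get-ChildItem -Path Registry::HKEY_USERS) {
    $sid = $hive.PSChildName

    # Only account hives: skip .DEFAULT, service SIDs and *_Classes hives
    if ($sid -notmatch '^S-1-5-21-[\d-]+$') { continue }

    $key  = "Registry::HKEY_USERS\$sid\Software\Microsoft\Clipboard"
    $prop = Get-ItemProperty -Path $key -Name EnableClipboardHistory -ErrorAction SilentlyContinue
    $value = if ($prop) { $prop.EnableClipboardHistory } else { $null }

    if ($Disable -and $value -ne 0) {
        # Create the key if this user never opened the clipboard settings
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name EnableClipboardHistory -Value 0 -Type DWord
        $value = 0
    }

    # Resolve the SID to an account name for the report
    try {
        $account = ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
            [System.Security.Principal.NTAccount]).Value
    } catch {
        $account = '(unresolved)'
    }

    $state = if ($null -eq $value) { 'NotSet' }
             elseif ($value -eq 0) { 'Off' }
             else                  { 'On' }

    [pscustomobject]@{
        Account          = $account
        Sid              = $sid
        ClipboardHistory = $state
    }
}

$results | Format-Table -AutoSize
```

Only hives that are loaded at the time of the run are visible, so users who are not logged on still need the Group Policy preference to receive the setting.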
Clipboard history is really cool, we just need to keep this behavior in mind and inform our users and admins.
The Windows clipboard API can be informed that the contents are sensitive and shouldn’t be stored in history. Good password managers are aware of this and have implemented the necessary changes. You don’t need to inconvenience the user when the password manager handles this correctly.