CapeSoft.Com
Clarion Accessories
PassPaste
 

CapeSoft PassPaste

Download History Docs Buy Now
Version version number  

Introduction

Recent versions of Clarion have disabled the ability for a user to paste text into a Password field [1]. While this may be advantageous in some circumstances, it greatly weakens security in general by preventing the use of secure (ie long and random) passwords generated by password managers. PassPaste is a small template that allows users to paste text into password fields, using either Ctrl-V, or Right-Mouse-Button / Paste.

All the proceeds collected from this template go to charity (over and above our normal charitable contributions.) For a list of the charities we regularly support see our Social Responsibility page. If you cannot afford this product please contact us and we will arrange a free copy for you.

[1] This is likely not an overt action by SoftVelocity. It is likely to be a side effect of the way a native Windows entry field is being used.

Features

Why is Pasting Prevented?

Having a password in the clipboard is not ideal because the clipboard is available to any program on the computer, and is plain text. Thus if your computer is compromised with some kind of malware, then that program may be able to inspect the clipboard from time to time and extract passwords from there (This seems to ignore the issue that malware can just as easily log keystrokes.)  Equally if, after using the clipboard, the password is left there then another user at your keyboard can retrieve it simply by pasting into say Notepad (if you leave your desk.)

Unfortunately the solution (preventing a Paste) does not fix the root problem. The user has already copied the password into the clipboard, so the damage (if there is any) has already been done. Indeed since the user flow has been interrupted it's possible they may now forget to clear the clipboard.

PassPaste works to resolve the problem by not only allowing the Paste, but then immediately clearing the clipboard. Since you are pasting into  password field the program is uniquely able to determine that the clipboard contains a password, and that this password is now no longer required.

Programs that prevent pasting are making an attempt to educate users, by not accepting the password they "teach" the user not to copy the password into the clipboard in the first place. This approach might work if it was universally adopted, but that is not the case [2]. Since the consensus is that very long, random passwords are the only protection against off-site brute-force attacks, the use of Password Managers is by far the best solution to that vulnerability. Given the choice between (ineffective) local clipboard protection and the risk of short passwords being brute-forced, the accepted security practice is to promote long, random passwords and to allow Paste from the clipboard.

References


Troy Hunt - The "Cobra Effect" that is Disabling Paste on Password Fields.
Wired Magazine - Websites, Please Stop Blocking Password Managers. It’s 2015.
OWASP - Authentication Cheat Sheet.

[2] All modern browsers, including Chrome, Firefox, Safari, IE and Edge allow pasting into password fields.

Webinar

A discussion of this template, and the use of passwords in general was included in the ClarionLive webinar #407, 14 April 2017.

Acknowledgment

The initial exploration of this issue, and a proof-of-concept solution was suggested by John Hickey during an OpenClarion webinar on 29 March 2017.

Suggestions for improvement, and some code suggestions, were submitted by Carl Barnes.

Compatible With

Clarion 8Yes
Clarion 9Yes
Clarion 10Yes
Clarion Templates Yes
ABC TemplatesYes
Local ModeYes
DLL ModeYes
Multi DLLYes

Documentation & Support

Documentation for the product is available here. Go here for further support.

Cost

The price of PassPaste is $20. It is available for purchase from ClarionShop.

All the proceeds collected from this template go to charity (over and above our normal charitable contributions.) For a list of the charities we regularly support see our Social Responsibility page. If you cannot afford this product please contact us and we will arrange a free copy for you.

For other payment options please contact us here

Refund Policy

CapeSoft believes that if you aren't satisfied with our products, we would like them back - and we will refund you the money. This allows you to purchase our products with confidence. You can read our full refund policy here.
CapeSoft.Com
Clarion Accessories
PassPaste