Wednesday, April 29, 2015

Clearing the Android Clipboard on Samsung GS5 Running Lollipop

clear clipboard

Clear clipboard… get it? HA!

Since I started using crazy long, unmemorable passwords for just about everything, I started using KeePass on my Galaxy S5.  The problem is, when you copy a password to the clipboard to fill in a password field, Android holds that password in the clipboard. Even worse, the clipboard actually holds multiple items!  This means simply hitting “paste” will populate any field with the password you are trying to keep secret.  It also means those copied passwords (multiple passwords) are being stored on your Android clipboard.

http://keepass.info/images/icons/keepass_256x256.pngKeePass has a setting that allows you to set the time that Android should keep the password on the clipboard (settings: “Clipboard Timeout” with options 30 seconds, 1 minute, 5 minutes, and never), but the setting doesn’t seem to do anything (it simply doesn’t work).  My GS5 running Lollipop will keep a password on the clipboard indefinitely, even though I have “1 minute” selected in the KeePass settings (and have tried all the other options as well).

Supposedly Lollipop has implemented new API functionality that allows programs to copy/paste a password without using the clipboard.  I learned this from a post about 1Password which stated:

In Lollipop, 1Password can fill your information directly, without using the clipboard. Therefore, it isn’t possible for a third party to obtain your passwords by snooping on what 1Password’s doing.

The problem is, KeePass doesn’t seem to have implemented this “cool feature” yet, and my password is left hanging on the clipboard (to be accessed by malware, a user, or a clipboard manager).

In researching this issue, most posts on the topic say that you can simply long press in a text field to access the options “paste” and “clipboard” (or something similar), but on my device, this is not the case.  When I long press in a text field, I only get the “paste” option (thus, no option to clear my clipboard).

Other posts state that you can access the clipboard via an icon on your keyboard, however, the Google Keyboard has no such icon or accessibility (there is no button that gets you from the Google Keyboard to the clipboard).

If I switch to the Samsung Keyboard (which I hate), I can long press the second button to the left of the space bar (which can be assigned several different options), and one of the options is an icon of a clipboard.  Pressing this button does in fact gain me access to the clipboard (and quite a long and disturbing list of things stored there, including 10 or so passwords!).  WTF?!

So… I guess the problem is that the Google Keyboard ignores clipboard access functionality.  In order to access (and clear) your clipboard, you need to use a NON-Google keyboard, or a clipboard management app.

Obviously the best solution would be if KeePass just started using the Lollipop API that allowed for “non-clipboard” copied password storage… not to mention actually clearing the copied password after a certain amount of time like it’s supposed to.

Sunday, April 5, 2015

ACL Settings in Thecus NAS Prevent Connections

Yesterday I set up protections on shared folders in my Thecus N5550 NAS using the ACL settings (you can set permissions for specific users created in your NAS GUI).  Today I tried to access these folders on my NAS, and Windows 7 wouldn’t let me!  There was no option to enter the login credentials I created for the folders yesterday, and no way to make the NAS recognize my Windows credentials.

I searched for a while and found this (mysterious and not very solid) answer on the Thecus Forums:

1. Opened Network and Sharing Center
2. Opened Change Advanced Sharing....
3. Changed the last setting to "Use user accounts and passwords..."
4. Closed that and changed my active network type from "home" to "work"

Not sure exactly why it worked, but it did. Now I can enter my username (no need to add @thecus.com after the username) and pw to browse my ACL protected folder.

Thanks to user jonathan.morris for posting!  I too am not sure why this works, as I have not set up the ACL on the folders with my Windows credentials, nor did I enter the NAS user credentials I set up yesterday, but suddenly there is no issue accessing the NAS Share Folders directly via Explorer (which has me wondering how effective the ACL setting could be since I’m accessing the folders without entering any user/pass).

Windows advises that you should let it monitor and control your home network, but if I can’t USE my home network to access my NAS, Windows certainly isn’t doing its job correctly.