2

I noticed that multiple password-locker applications recommend that you use the drag-and-drop feature to transfer passwords to login forms instead of copying the passwords to the clipboard or having the password locker type the password for you using simulated key presses. The basic argument its fairly easy for a keylogger to record key presses or to peek inside the contents of the clipboard.

I know that nothing can totally protect your data if your computer has been compromised but is it true that its harder for spyware to get the password if its transferred using drag-and-drop?

hugomg
  • 121
  • 3

1 Answers1

4

Though it's better in the sense that communication is automatically between two windows (and you can hope the object disappears after it's transferred), I'm voting no¹ because:

The only protection I saw was at the process level: you can't DnD from a non-elevated process to an elevated one (prevents shatter attacks).

¹ I don't have a Windows system to test on so I'm just referencing things that seem to disprove it.

Glorfindel
  • 2,263
  • 6
  • 19
  • 30
ǝɲǝɲbρɯͽ
  • 429
  • 2
  • 8