Etienne has it right, but to give a bit more detail: The use case scenario is that users want to be able to Copy both a password _and_ an account name out of a password utility (LastPass, 1Password, etc), then go to a web form or something and use a pasteboard history utility to Paste first the account name, then the password (or vice-versa).
That is: ConcealedType allows pasteboard history utilities to still provide their useful functionality of Pasting multiple items from the history, even if some of the pasteboard content is not something that you would want someone glancing over your shoulder to see. If a password utility uses TransientType for the password, then the pasteboard history utility should ignore it, and the use case is broken. If the password utility uses no marker, then the use case works, but users then might worry about "shoulder surfers", or in a case like Quicksilver, the pasteboard history being written to a plain-text file where the password seems vulnerable. Therefore, ConcealedType marked items should be: - displayed in pasteboard history, preferably as "pa******" or similarly obscured, available for pasting - _not_ be written as plain text to a pasteboard history file. It's easiest just to exclude them from any history file, but I guess some developer might want to encrypt them or something. Thanks, Brian On Friday, October 18, 2013 3:11:50 AM UTC-7, Etienne wrote: > > A pasteboard item marked with ConcealedType should be treated carefully > because it's sensitive information (eg display as ••••), while > TransientType should not be shown at all. The rational being that users are > likely to still want their passwords to end up in their password manager, > but be treated as sensitive information. > > Cordialement, > Etienne Samson > -- > [email protected] <javascript:> > > Le 18 oct. 2013 à 02:27, Patrick Robertson > <[email protected]<javascript:>> > a écrit : > > > Interesting, thanks for the info Brian. Don't think we're using > org.nspasteboard.ConcealedType in QS. Probably worth us adding it. Apart > from the more explicit name, why a new identifier? > > > > On 18 Hyd 2013, at 05:43, Brian Bucknam <[email protected]<javascript:>> > wrote: > > > >> On Thursday, October 17, 2013 11:15:11 AM UTC-7, Ian uɐI wrote: > >> A user, though I wanted a bit of technical info before i posted this as > a feature request on their forum / support. > >> > >> Just for completeness: Using the nspasteboard.org TransientType would > probably be a mis-use of this marker, and the recent 1Password release > generated a bunch of flak from users by initially doing this in a beta. > >> > >> Smile Software (who maintains that nspasteboard.org page) is in the > process of adding an org.nspasteboard.ConcealedType, which would be the > correct marker for LastPass and 1Password to use. I tried to get the Agile > (1Password developers) to go with org.nspasteboard.ConcealedType, but it > looks like they chose to go their own way and add a > com.agilebits.onepassword marker instead. > >> > >> However, a few notable pasteboard utilities already do ship with > support org.nspasteboard.ConcealedType -- Keyboard Maestro and Butler. > >> > >> Just FYI if you do contact Lastpass support, > >> Brian > >> > >> > >> -- > >> You received this message because you are subscribed to the Google > Groups "Quicksilver" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]<javascript:>. > > >> To post to this group, send email to > >> [email protected]<javascript:>. > > >> Visit this group at > http://groups.google.com/group/blacktree-quicksilver. > >> For more options, visit https://groups.google.com/groups/opt_out. > > > > -- > > You received this message because you are subscribed to the Google > Groups "Quicksilver" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]<javascript:>. > > > To post to this group, send email to > > [email protected]<javascript:>. > > > Visit this group at http://groups.google.com/group/blacktree-quicksilver. > > > For more options, visit https://groups.google.com/groups/opt_out. > > -- You received this message because you are subscribed to the Google Groups "Quicksilver" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/blacktree-quicksilver. For more options, visit https://groups.google.com/groups/opt_out.
