1. Home
  2. Options
  3. Security Options
  1. Welcome
  2. About Password Safe
  3. Password Safe and YubiKey
  4. Getting Started
  5. Using Password Safe
  6. Password Safe Menus
  7. Options
    1. Backup Options
    2. Display Options
    3. Misc. Options
    4. Password History Options
    5. Password Policy Options
    6. Security Options
    7. System Options
    8. Keyboard Shortcuts
  8. Appendices
  9. Program Credits

Security Tab

security tab

The Security Tab provides access to user controlled security settings.

Clear clipboard upon minimize

When checked, the program clears clipboard contents of any stored data (such as a password) when the application is minimized. This prevents anyone else or any other program from reading the contents of the clipboard. Note that selecting this option with the "Copy password to clipboard, and then immediately minimize" double click action in the Misc Options tab will lead to unexpected results (the password will be copied, but immediately cleared).

Clear clipboard upon exit

When checked, the program clears clipboard contents of any stored data (such as a password) when the interface is minimized or closed. This prevents anyone else or any other program from reading the contents of the clipboard.

Exclude from clipboard history

When checked (default), items that Password Safe place on the clipboard (such as passwords) are not include in the clipboard history, in systems where this feature is supported (Windows 10 and later). By unchecking this, you're potentially exposing your passwords to anyone who can access your clipboard history.

Confirm item copy to clipboard

When checked, a prompt is displayed requesting user confirmation every time a password is copied from the database to the clipboard.

'Browse to URL' copies password to clipboard

It's useful to have the password ready for pasting when browsing to a website's login page. However, this can be considered a security risk, since you didn't explicitly copy the password. If you check this, the relevant password will be copied to your clipboard when browsing to the URL specified in the entry.

Exclude from screen capture

One possible security risk is someone surreptitiously capturing your screen when Password Safe is open. Even if you don't have a password displayed, the other information in an entry or the main window can be of use to an attacker. Starting with version 3.64, Password Safe protects against this by hiding the application from Windows' screen capture feature. If you wish to disable this feature, e.g., for taking a screenshot to report a problem, you can do so by clearing this checkbox.

Notes

  • This feature is only supported on Windows 10 Version 2004 and later.
  • Some programs, such as remote desktop viewers and screen readers for the visually impaired, rely on the screen capture capability to function. If you're using such programs on a regular basis, you might want to disable this. See also the Command Line Arguments page.
  • When enabled, a small green icon is displayed in the main window's status bar, and in the master password entry dialog.
  • When disabled, the icon will be displayed in yellow.
  • When overridden by the command line argument, the icon will be displayed in red.

Database locking

When the database is locked due to one of the events below, the database is saved, and then all its data is cleared from memory. However, the undo/redo log is retained so that changes can be undone (or redone) after unlocking. Note: all entry information in these commands remain encrypted in memory.

  • Lock password database on minimized

    When checked, the program locks the password database when the application is minimized. When maximized again for use, a password is required to access the database.

  • Lock password database on workstation lock

    Checking this causes the password database to lock when the workstation is locked preventing unauthorized access by users that may have access to the workstation.

  • Lock password database after...

    Checking this option and setting a time causes Password Safe to lock the password database after the set interval has passed without user actions in the application.

Unlock Difficulty

The setting of the slider determines how much processing is required to open and save a Password Safe database. The Standard setting should provide sufficient security without delaying the opening of a database significantly on most platforms. When increasing this value, consider the slowest CPU that you will use to access the database.

Password Safe uses the original Key Stretching algorithm published by Bruce Schneier, which expands the password to contain more entropy to make it significantly harder to employ brute-force processing. The slider sets the number of iterations of the stretching, between 2048 and 222.