A password manager effectively can't protect against other applications on the same machine. IMO that makes the universality of the clipboard more valuable than the safety of using alternate input methods.
Though since there are plenty of things that block pasting passwords, those alternate options are appreciated.
I think the point in discussions like these is, what is the alternative? Ie, add value to the discussion, not argue over semantics. Arguing that everything (or this thing) sucks is.. non constructive. What do you see as better alternatives?
I agree completely, the clipboard is non-trusted. Yet the fact remains, how can we transmit an arbitrary string from a secure app like a password store, to another app in need of authorization? Lets build constructive conversations.
> so you know and trust every piece of software that is running on your machine?
Ostensibly, yes. Because (as 'StavrosK said), if I don't then we can't even begin to talk about security on that machine yet. We have to start with assumptions somewhere.
If software on your machine is compromised, your machine is compromised (or will be in short order). You need to make reasonable concessions and stick with them in order to get anywhere.
A password manager effectively can't protect against other applications on the same machine. IMO that makes the universality of the clipboard more valuable than the safety of using alternate input methods.
Though since there are plenty of things that block pasting passwords, those alternate options are appreciated.