• General
  • Clipboard fails to copy from one user profile to another

I'm brand new to this. Possibly going overboard with the amount of profiles I'm setting up. But I wanted to keep a separate fully offline profile for Aegis authenticator and keepass.

I think the OTPs with Aegis will be easy to bounce between profiles typing from memory.

BUT

I can't copy and paste complex passwords from one profile to another. Is this normal for the clipboard? Should I just have my keepass installed in whichever profile I'll need it?

Long term solution- save varied passwords in different user-spaces vanadium and use yubikey NFC to authenticate?

NB. For those interested I'll post a breakdown of my numerous user profiles for you to scrutinise and school me on in another post.

This profile would be for my 'anon forums' useage. One email just for GOS, Qubes, Reddit, etc.

Can you tell I'm coming from the qubes VaultVM model of thinking?

Hi there! I can indeed tell you've used Qubes OS. :)

The clipboard doesn't persist across profiles. You can't copy something in one profile and paste it in another.

You should think of different user profiles as the closest thing to separate phones without actually having a separate phone.

    matchboxbananasynergy

    Thanks for coming back to me. How do people manage their passwords and 2fa with GOS in this case?

    Would you say my separate profile for an authenticator app is worthwhile? I get that it doesn't provide any extra sandboxing, but at least any sneaky requests and intents wouldn't have access to authenticator app data within the same profile.

    For some stuff it just doesn't matter. The profile email and logins I'm using for these tech forums could get hijacked and there's really nothing lost.

    But that won't be true for all profiles, accounts and use-cases.

      Theres little to be gained using a different profile for this kind of stuff.

      Ideally your password manager supports autofill and/or has its own keyboard (like the magikeyboard feature in keepassDX) so you dont need to copy/paste passwords and risk them staying in your clipboard and leaking to other apps.

      OTP codes can be copy/pasted without much risk as only the focused app has access to the clipboard and once they are used leaking them is not a problem.

      Toomanyuserprofiles seeing as you seem to have a good insight into the paradigm shift- can you advise if there's is any benefit whatsoever of putting session in a completely isolated profile? My thinking is if there's some user to user malicious code injection it might preserve some of my other user identities? Am I still thinking with my qubes hat?

        Toomanyuserprofiles
        Yeah think you are.
        Unlike Qubes where VMs provide the security boundary, in Android user profiles are separated via SELinux MLS (multi level security).
        Apps with a targetSDK of 28 (Android 9) or later also have their sandbox enforced by SELinux MLS.
        Any exploit that could cross the boundary between apps would likely be capable of crossing between user profiles.

          2 months later

          dazinism What about for apps that aren't necessarily designed to exploit but are very aggressive in their data collection - like those of Google? If you are going to use something like Google Maps is there any value in keeping it in its own profile with Google stuff?