If you own a Samsung Galaxy phone, then there’s a serious password risk that has suddenly been exposed. Samsung has confirmed there’s currently no fix, albeit you can ensure your passwords remain safe. You just need to change how you use your phone.
The warning was triggered on Samsungh’s U.S. community forum this week, with one Galaxy owner posting “I copy passwords from my password manager all the time and I know a lot of people do the same. How is it that Samsung’s clipboard saves everything in plain text with no expiration? That’s a huge security issue.”
Many users copy passwords from a password manager and then paste them into a login window, rather than using any form of autofill. “If someone steals your phone, or even if a friend or acquaintance uses it while it’s unlocked, they can just scroll through your clipboard and see all your passwords? That’s wild.”
As we are all encouraged to use longer, unique passwords, this becomes more of an issue. And it’s not just password managers of course, many users store passwords in text documents or notes, and then paste them across.
“There should at least be an option to auto-delete clipboard history after a few hours. Right now, the only option is to manually go in and delete sensitive stuff.”
This isn’t new, as one Redditor pointed out when it blew up again this week: “This is something samsung outright refuses to fix. People have been complaining about it for ages.” While another poster advised users: “Two things you can do to mitigate this — Add the clipboard history edge panel which has a clear history button. You can then clear your history whenever you’d like fairly quickly.; Under Security Settings – > Controls and Alerts -> Enable Alert when clipboard accessed… Unfortunately, Samsung in its infinite wisdom doesn’t give a toggle to disable this entirely.”
Samsung confirmed the risk. “You’ve raised a valid concern regarding clipboard security,” a moderator told the poster, “especially in scenarios involving sensitive data like passwords… The clipboard history is currently managed by One UI system-level integration, which means even third-party keyboards like Gboard cannot override its behavior. At this time, there’s no built-in setting to auto-delete clipboard contents after a certain period, which can indeed pose a security risk in some situations.”
Samsung’s moderator acknowledged this needs a fix. “We agree that adding options such as auto-clear clipboard after X minutes/hours or excluding sensitive apps from clipboard history would be valuable enhancements. We’ll share this feedback with the appropriate team. In the meantime, we recommend clearing clipboard history regularly and using secure input methods directly from your password manager app.”
And so, if you’re a Galaxy owners, you should stop copying and pasting passwords, leaving them in your clipboard history in plain text. You need a password manager and you need to use that properly. No shortcuts, I’m afraid.