Given the sheer amount of news that concerns user credentials, from warnings about 800 million stolen passwords found online, and infostealer malware constantly adding to that number, you would like to think that securing them would be priority number one for smartphone manufacturers. Not, it would appear, as far as Samsung is concerned. Thanks to eagle-eyed One UI users, Samsung has now confirmed that there is, indeed, a massive password problem that poses a security risk. Here’s what you need to know and do right away.
Samsung Exposes Plaintext Passwords In One UI
Hackers really don’t need the job of finding and compromising your passwords made any easier, which is why so many services are working hard to convince users to move to more secure passkey technology. One of the most prominent players in the smartphone industry, Samsung, has been called out for making a rather huge password security faux pas, however. In a One Ui beta support community forum, one user pointed out that passwords are being exposed in plain text for anyone with access to the device clipboard to see, copy, and compromise.
The user, going by the handle OicitrapDraz, said “I copy passwords from my password manager all the time… and I know a lot of people do the same. How is it that Samsung’s clipboard saves everything in plain text with no expiration?” That’s a huge security issue, they said, and oh boy, they are not wrong.
The clipboard functionality is so tightly integrated into the One UI system that it makes no difference what keyboard you use, what protective measures you try to take, your history gets stored in plain text all the same. “If someone steals your phone, or even if a friend or acquaintance uses it while it’s unlocked,” OicitrapDraz warned, “they can just scroll through your clipboard and see all your passwords.”
Samsung Confirms Security Issue – Offers Workaround Mitigation Advice
As first reported by Cybernews, Samsung has confirmed that the password exposure issue is for real and has no permanent solution at this time. I have reached out to Samsung for a statement, but in the meantime, a Samsung spokesperson has responded to the forum posting with a mitigation workaround.
The One Ui Beta Team said:
“As you’ve noticed, the clipboard history is currently managed by One UI system-level integration, which means even third-party keyboards like Gboard cannot override its behavior. At this time, there’s no built-in setting to auto-delete clipboard contents after a certain period, which can indeed pose a security risk in some situations. We agree that adding options such as auto-clear clipboard after X minutes/hours or excluding sensitive apps from clipboard history would be valuable enhancements. We’ll share this feedback with the appropriate team.”
As far as a workaround in the meantime is concerned, Samsung said that users are recommended to clear their clipboard history regularly and use a secure input method, such as copying directly from a password manager app, where possible. I’d go further and add switching to a passkey wherever it is supported to that list.