Re: Seahorse and clear text passwords: a proposal for a pragmatic solution

From: Vertigo <duvel123 gmail com>
To: Thorsten Sick <thorsten sick email de>
Cc: seahorse-list gnome org, stef memberwebs com, gnome-keyring-list gnome org
Subject: Re: Seahorse and clear text passwords: a proposal for a pragmatic solution
Date: Fri, 30 Oct 2009 19:59:59 +0100

The security philosopy is right. If something/someone gets control of
the user's account the battle is lost.

I dont think it has to be so "binary". There are many ways to lose a war.

While fundamentally you are right, I would urge everyone to leave room for some nuance. I lock my house and I put some of my more valuable stuff in a (cheap) safe. A skilled and dedicated thief will crack both, that doesnt mean I just leave my front door open and put my savings on the dinner table, just because I cant afford to build a Fort Knox. (ok, so now Im resorting to analogies myself, forgive me :) )

Seahorse as it is now is open invitation to snatch someone's passwords when he is not looking at his screen for a minute. Password protecttng seahorse (and possibly other apps, as I mentioned earlier Im not exactly a specialist when it comes to gnome or security) will not secure one's passwords fundamentally, we know that, but it will deter I bet 99% of potential identity thieves. If you add a dialogue that informs the user of the actual lack of security when leaving his account unlocked, I do not see any downsides, assuming what is being proposed here is technically feasible and not too hard to implement.

References:
- Seahorse and clear text passwords: a proposal for a pragmatic solution
  - From: Vertigo
- Re: Seahorse and clear text passwords: a proposal for a pragmatic solution
  - From: Stef Walter
- Re: Seahorse and clear text passwords: a proposal for a pragmatic solution
  - From: Thorsten Sick

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]