[fractal/add_security_considerations] Update README.md



commit b20cea0494fafca921dfaf52b518d30deb153c40
Author: Julian Sparber <julian sparber net>
Date:   Sat Sep 17 10:14:03 2022 +0000

    Update README.md

 README.md | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
---
diff --git a/README.md b/README.md
index 134eb7a80..be5ace0ac 100644
--- a/README.md
+++ b/README.md
@@ -84,9 +84,14 @@ flatpak install --user gnome-nightly org.gnome.Fractal.Devel
 ### Runtime Dependencies
 
 Fractal doesn't store your **password** but uses [Secret 
Service](https://www.freedesktop.org/wiki/Specifications/secret-storage-spec/)
-to store your other **credentials** so you should have something providing that service on your
-system. If you're using GNOME or KDE this should work for you out of the box with gnome-keyring or
-ksecretservice.
+to store your **access token** and **passphrase** used to encrypt the local cache.
+Therefore, you need have something providing that service on your system.
+If you're using GNOME or KDE this should work for you out of the box and gnome-keyring or ksecretservice
+should already be installed and setup.
+
+#### Secuirty Considerations
+
+Additionally to setting up the [Secret 
Service](https://www.freedesktop.org/wiki/Specifications/secret-storage-spec/), make sure to use a strong 
**password** for the keyring, or for the user session if used to unlock the keyring (normally it's the case), 
since it will be used to encrypt secrets in **Secret Service**. Furthermore, make sure to lock your system 
when stepping away from the computer since a unlocked computer gives other people access the private 
comunications and stored secrets.
 
 ## Contributing
 
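Review bot: The added lines carry several spelling and grammar slips that will ship in the README, starting with the new heading, which reads "#### Secuirty Considerations" and should be "Security". In the same hunk, "you need have something" is missing "to", "installed and setup" should be "set up", and the last sentence should read "an unlocked computer gives other people access to the private communications and stored secrets". The heading is also a fourth-level entry under "### Runtime Dependencies", where someone scanning for security guidance may not find it; a section of its own, as the README had before, would be easier to spot.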
@@ -100,10 +105,6 @@ Fractal is translated by the GNOME translation team on [Damned lies](https://l10
 
 Find your language in the list on [the Fractal module page on Damned 
lies](https://l10n.gnome.org/module/fractal/).
 
-### Security considerations
-
-Fractal uses [SecretService](http://standards.freedesktop.org/secret-service/) to store the access token and 
the passphrase to access the local cache. Generally, when Fractal is used with GNOME. The information stored 
via the SecretService is stored in the [GNOME Keyring](https://wiki.gnome.org/Projects/GnomeKeyring), which 
on the other hand, by default, uses the users password to access the stored information.
-
 ## Frequently Asked Questions
 
 * Does Fractal have encryption support? Will it ever?
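Review bot: The removed paragraph is the only place that links to GNOME Keyring and states that it uses the user's password by default, and the replacement text added in the first hunk reduces that to "normally it's the case" with no link. Consider carrying the GNOME Keyring link and that sentence over to the new section, so the advice to pick a strong session password stays tied to the reason for it. Dropping the fragment "Generally, when Fractal is used with GNOME." is fine, since it was an incomplete sentence.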

