On Thu, 2013-10-10 at 16:41 +0200, Dominique Leuenberger a.k.a. Dimstar wrote:
Would you recommend to 'automatically' create a keyring without a password for autologin users?
I think it's a matter of sane defaults. I do think automatic login clearly implies that the user does not want to type a password when he logs in, and if he does, then the setting is broken, period. It seems to follow that passwords for stuff that runs at login should be stored unencrypted if the user is using automatic login. If we were to somehow implement that, we would probably want to warn the user about the security implications, of course. (Or maybe the user has LUKS encryption and really doesn't need to type a password twice.)

I missed the distinction between login tasks (wireless networks, Telepathy accounts) and non-login tasks (web/email passwords) that Sam Bull has pointed out. So maybe non-login-related passwords could still be protected by default.