Re: GNOME keyring unlocking

On Thu, 2013-10-10 at 16:41 +0200, Dominique Leuenberger a.k.a. Dimstar
Would you recommend to 'automatically' create a keyring without a  
password for autologin users?

I think it's a matter of sane defaults. I do think automatic login
clearly implies that the user does not want to type a password when logs
in, and if he does, then the setting is broken, period. It seems to
follow that passwords for stuff that run at login should be stored
unencrypted if the user is using automatic login. If we were to somehow
implement that, we would probably want to warn the user about the
security implications, of course. (Or maybe the user has LUKS encryption
and really doesn't need to type a password twice.)

I missed the distinction between login tasks (wireless networks,
Telepathy accounts) and non-login tasks (web/email passwords) that Sam
Bull has pointed out. So maybe non-login-related passwords could still
be protected by default.

Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]