Re: gnome-keyring Seahorse and clear text passwords: a proposal for a pragmatic solution




The security philosopy is right. If something/someone gets control of
the user's account the battle is lost.

I dont think it has to be so "binary". There are many ways to lose a war.

 While fundamentally you are right, I would urge everyone to leave room for some nuance.  I lock my house and I put some of my more valuable stuff in a (cheap) safe. A skilled and dedicated thief will crack both, that doesnt mean I just leave my front door open and put my savings on the dinner table, just because I cant afford to build a Fort Knox. (ok, so now Im resorting to analogies myself, forgive me :)  )

Seahorse as it is now is open invitation to snatch someone's passwords when he is not looking at his screen for a minute. Password protecttng seahorse (and possibly other apps, as I mentioned earlier Im not exactly a specialist when it comes to gnome or security) will not secure one's passwords fundamentally, we know that,  but it will deter I bet 99% of potential identity thieves. If you add a dialogue that informs the user of the actual lack of security when leaving his account unlocked, I do not see any downsides, assuming what is being proposed here is technically feasible and not too hard to implement.




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]