Re: Seahorse and clear text passwords: a proposal for a pragmatic solution
- From: Vertigo <duvel123 gmail com>
- To: Thorsten Sick <thorsten sick email de>
- Cc: seahorse-list gnome org, stef memberwebs com, gnome-keyring-list gnome org
- Subject: Re: Seahorse and clear text passwords: a proposal for a pragmatic solution
- Date: Fri, 30 Oct 2009 19:59:59 +0100
The security philosopy is right. If something/someone gets control of
the user's account the battle is lost.
I dont think it has to be so "binary". There are many ways to lose a war.
While fundamentally you are right, I would urge everyone to leave room for some nuance. I lock my house and I put some of my more valuable stuff in a (cheap) safe. A skilled and dedicated thief will crack both, that doesnt mean I just leave my front door open and put my savings on the dinner table, just because I cant afford to build a Fort Knox. (ok, so now Im resorting to analogies myself, forgive me :) )
Seahorse as it is now is open invitation to snatch someone's passwords when he is not looking at his screen for a minute. Password protecttng seahorse (and possibly other apps, as I mentioned earlier Im not exactly a specialist when it comes to gnome or security) will not secure one's passwords fundamentally, we know that, but it will deter I bet 99% of potential identity thieves. If you add a dialogue that informs the user of the actual lack of security when leaving his account unlocked, I do not see any downsides, assuming what is being proposed here is technically feasible and not too hard to implement.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]