desktop-packages team mailing list archive
Message #156808
[Bug 1534645] [NEW] Cannot easily preserve a keyring to be only unlocked manually
Public bug reported:
Assume you want to create a keyring for secrets that you only need
rarely and thus want to access only on demand (not unlock on every login
session).
Whenever you access/unlock the keyring for the first, second, etc. time,
the "Unlock keyring" dialog asks for the password and has a preselected
checkbox "Automatically unlock this keyring whenever I'm logged in".
This is however not the current setting for this keyring, so it
constitutes a change of a setting, which counteracts the (likely)
intention of the user.
It is too easy to type the password and hit enter, thereby changing
this keyring to an automatically unlocked one, and this risk happens
repeatedly every time you unlock it. In case you forgot to uncheck the
checkbox, the only way to restore the original setting is hidden (not in
keyring → properties, but only by setting a new password).
A security-focused application should also not have defaults that tend to decrease security in favor of usability.
Having the checkbox preselected gains less extra usability (for the case the user wants to change the keyring to be automatically unlocked: 1 click saved) than it decreases usability (in case the user wants to keep the keyring manual: 1 click every time to unselect it).
A possible fix is to not preselect the checkbox.
version 3.10.2 in Ubuntu 14.04 as well as in the version in Ubuntu 15.10
** Affects: seahorse (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1534645