touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #119364
[Bug 1363214] Re: [System Settings] [design] allow Passcodes of variable length instead of just 4 digits
I would suggest the following solution:
---------------
Enter
Device PIN
(1) (2) (3)
(4) (5) (6)
(7) (8) (9)
(0)
(X) (<) (/)
---------------
The numbers could be grey or blue.
The (X) button is red and locks the screen.
The (<) button is yellow deletes the last cipher of the entered PIN
The (/) is green and acts as Enter button. Note: the "/" here should of course really be a tick character.
Give the user the choice (Settings) how to input the PIN:
Mode 1) The current behaviour (No enter required), but you can guess the length of the PIN just by typing arbitrary numbers.
Mode 2) Entering the correct PIN matches and auto-enters, but the wrong
pin won't tell you there is no match possible by entering more
characters. Only pressing (/) will tell you that the PIN is wrong.
Assuming the pin is 12345
Entering 23456 does not match and you can enter any amount of more ciphers. Pressing (/) will tell you that the PIN is wrong. You can delete characters with (<).
Entering 12345 matches and immediately unlocks the screen.
Mode 3) Entering the correct PIN does not auto-enter, you have to press
(/) always to let the dialog check if the entered PIN is correct.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1363214
Title:
[System Settings] [design] allow Passcodes of variable length instead
of just 4 digits
Status in Ubuntu UX:
Triaged
Status in ubuntu-system-settings package in Ubuntu:
Incomplete
Status in unity8 package in Ubuntu:
Incomplete
Bug description:
Currently when setting a Passcode on the device, it must be 4 digits.
This is artificially limiting. Other platforms (eg Android) allow
longer Passcodes. It has always been my understanding that we should
support Swipe, Passphrase and Passcode where Passphrase and Passcode
can be arbitrarily long.
However, once longer Passcodes are supported, we will have to add an
Enter key. Right now, the lockscreen checks the Passcode once 4 digits
are added so that you don't have to press Enter. I guess this was done
for usability, but would be a security issue because an attacker can
easily determine the Passcode length, which makes it easier to for an
attacker to guess the Passcode. Eg, if I have a 5 digit Passcode set,
then an attacker need only type '11111' and know that the Passcode is
only five characters. Now, a Passcode isn't strong to begin with and
an automated attack could rather quickly brute force Passcodes, but we
shouldn't make it easier for someone manually trying to guess the
Passcode.
The passphrase lockscreen prompt correctly allows variable length
passphrases and requires you to press Enter.
I suggest moving the 'X' up t the left of '0' and an Enter symbol to
the rigth of '0'.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-ux/+bug/1363214/+subscriptions
References