touch-packages team mailing list archive

Thread
Date

[Bug 1371048] Re: phone believed to enforce undocumented password policy

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Oliver Grawert <ogra@xxxxxxxxxx>
Date: Thu, 18 Sep 2014 10:36:38 -0000
Reply-to: Bug 1371048 <1371048@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

there is no "hard coding" it checks if the username and password are
identical ... in teh beginning of working on developer mode this helped
to force people to update their password and make sure dev-mode was
properly enabled (we used to set the password to match teh username in
former installs)

indeed this code needs to go ... password secuity needs to be managed
while the password is being set anyway

** Changed in: android-tools (Ubuntu)
       Status: New => Confirmed

** Changed in: android-tools (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to android-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1371048

Title:
  phone believed to enforce undocumented password policy

Status in “android-tools” package in Ubuntu:
  Confirmed

Bug description:
  Per conversation on IRC with ogra.

  The phone will reject passwords which match the username.

  Fine and dandy, but isn't password security the responsibilty of other
  entities and code. Rejecting just this insecure password, hard-coded,
  seems a bit odd.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/android-tools/+bug/1371048/+subscriptions

References

[Bug 1371048] [NEW] phone believed to enforce undocumented password policy
From: John McAleely, 2014-09-18