touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #18758
[Bug 1363214] Re: [System Settings] [design] allow PINs of variable length instead of just 4 digits
** Tags removed: touch-2014-11-13
** Tags added: ota-2
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1363214
Title:
[System Settings] [design] allow PINs of variable length instead of
just 4 digits
Status in Ubuntu UX bugs:
Triaged
Status in “ubuntu-system-settings” package in Ubuntu:
Confirmed
Status in “unity8” package in Ubuntu:
New
Bug description:
Currently when setting a PIN on the device, it must be 4 digits. This
is artificially limiting. Other platforms (eg Android) allow longer
PINs. It has always been my understanding that we should support
Swipe, Passphrase and PIN where Passphrase and PIN can be arbitrarily
long.
However, once longer PINs are supported, we will have to add an Enter
key. Right now, the lockscreen checks the PIN once 4 digits are added
so that you don't have to press Enter. I guess this was done for
usability, but would be a security issue because an attacker can
easily determine the PIN length, which makes it easier to for an
attacker to guess the PIN. Eg, if I have a 5 digit PIN set, then an
attacker need only type '11111' and know that the PIN is only five
characters. Now, a PIN isn't strong to begin with and an automated
attack could rather quickly brute force PINs, but we shouldn't make it
easier for someone manually trying to guess the PIN.
The passphrase lockscreen prompt correctly allows variable length
passphrases and requires you to press Enter.
I suggest moving the 'X' up t the left of '0' and an Enter symbol to
the rigth of '0'.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-ux/+bug/1363214/+subscriptions
References