ubuntu-phone team mailing list archive

[John Lenton <john.lenton@xxxxxxxxxxxxx>]

I know you said leave 2fa out, but there's no reason we can't make the
phone a 2fa device, and do 2fa with it semi-transparently to the user.
Is there?

On 1 September 2014 19:39, Martin Albisetti
<martin.albisetti@xxxxxxxxxxxxx> wrote:
> So, iCloud was hacked somehow. I haven't seen any details as to how,
> but reading about people panicked and confused on twitter led me to a
> tweet[1] that said:
>
> "Of course people pick terrible iCloud passwords. You can't enter a
> good password 50x per week on a mobile device. You'll go carpal."
>
> Which makes perfect sense. We have the same problem, we have a single
> sign on system, which is great for some things, but given the
> introduction of the phone with a touch-screen keyboard and mandatory
> password re-entry on app purchasing as well as new influx of users who
> create their account for the first time on the phone, people will tend
> to pick less secure passwords.
>
> Leaving aside 2FA as the answer, as it's clearly not widely adopted
> (for its complexity?), what can we do to make this a bit better in our
> platform?
> Can we confirm purchases and other tasks that are frequently used
> somehow differently than with the account password, and encourage
> (and/or force) better passwords for the general account?
>
> To try and reduce the scope of the discussion, I'm mostly looking for
> proposals that would be implementable in the short or mid term, rather
> than changes that would require 6 or more months to implement across
> the platform (which we may need to, but I wouldn't want to start off
> that discussion here and now).
>
>
> Any other ideas?
>
>
>
> thanks!
>
>
> [1] https://twitter.com/matthew_d_green/status/506427220546826240
> --
> Martin
>
> --
> Mailing list: https://launchpad.net/~ubuntu-phone
> Post to     : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ubuntu-phone
> More help   : https://help.launchpad.net/ListHelp