
unity-design team mailing list archive

Keyring passwords

 

Currently, Ubuntu will by default require the user's login password when a
program (Empathy or Gwibber, for instance) attempts to access the system
keyring, unless the user entered her/his password when logging in. I'm
guessing this was done for security, to prevent unauthorized users from
accessing important user passwords. However, there are a number of reasons
why this is ineffective:


   - *It doesn't apply to Firefox or (in UNE Maverick) Chrome.* Normally,
   these applications store far more important passwords than the system
   keyring.
   - *It provides no protection from malware*, since malware can just
   display a fake keyring password dialog.
   - If an unauthorized user obtains access *after the user has already
   unlocked the keyring, the protection is lost.* (My guess is that most
   users that use the keyring unlock it shortly after login; but I have no real
   data on this.)

The better solution for security-conscious users is to enable home directory
encryption, which not only protects keyring passwords, but also documents
and Firefox/Chrome passwords.

Therefore, requiring a user password for the keyring is nearly useless; and
it's annoying to have to enter one's password when launching
Gwibber/Empathy, particularly if they run on startup.
Based on these reasons, it might be a good idea to use unsafe storage for
passwords by default, with a good way to turn it on for those users that
want it.
