I couldn't agree more. I have full device encryption enabled on my Xoom WiFi-only tablet, and I'd prefer the password only during initial power-up, and perhaps a "Time-out" setting for when the device is on. For example:
* Allow users to choose how long the device will remain "password-less" before actually requiring a password to unlock. I know a similar option exists, but this is not for when I press the Power button, it's a time-out for when the display auto turns off. I would like this time-out to be very customizable, say setting it to an hour, and perhaps a widget or something to enable it right away(if I'm away from home). Better yet, make the locking GPS aware! If I'm at home, don't lock it. I have a home security system for a good reason. * Alternate passwords would make the device more secure. Since I am entering in my 8 digit PIN like a hundred times a day, there's bound to be someone watching me at some point, and someone is going to figure it out. If there was a separate decryption password, from an unlock password, this would make the feature that much more secure. The decryption password is only used like 1 a week or so, and in the privacy of my own home. * My Linux laptop is encrypted via LUKS, and it's password is very very long, as I only need to type it in once a day during boot-up. My user password is obviously different. Not sure if people of Windows and OS X do their BitLocker/Vault passwords the same. However, having your drive encryption password different from the password you tend to type in 20 times a day or more is just better security practice. User passwords tend to change every 30 days, whereas a drive encryption password is rarely, if ever changed(as normally nobody sees it, and when it's being entered nothing is really running in the background to see the password). * Downside of having device encryption on, is that I cannot use those new ICS/Jelly Bean unlock screen features. I am tempted of turning of encryption, but then if my device does get stolen, or misplaced, I'd worry about my personal information and data. Which bring me to a final point: * All Android devices should be transparently encrypted. Meaning that a skilled hacker cannot easily use tools such as adb or fastboot to copy your data unless the device is properly unlocked somehow. These are mobile devices, and are the easiest for criminals to swipe. It should be common sense to have them encrypted all the time. - Transparent as in, end-user boots up device, user doesn't even realize that it's encrypted. A key could be fed from the users Google account, which can then be expired if their device is stolen to prevent the device from fully booting. - Regular unlock methods can be used for encryption. The pattern unlock for example can encrypt the device, making the encryption entirely transparent to the end-user. A pattern can generate a key of some sort depending on how the pattern is generated, such as each point being a random set of alphanumeric characters(which could even vary by device). Face unlock could use a checksum of the image or something similar which cannot be easily duplicated without access to the original photo used. I use an md5sum of an image on my hard disc as my Wireless key for added security. :) I never keep a copy of the checksum, just the image file itself, which is mixed with my other images in my Photos folder. I manually enter in the key whenever needed. Those are my 2 cents about the current state of Android device encryption. On Sun, Jul 22, 2012 at 10:28 AM, kulturuke <[email protected]> wrote: > I am sure I am not the only one using full device encryption who would > prefer > > - Being able to use swipe to unlock nstead of typing the password 20 times > per day. Or choose a simpler > code for this purpose. > > - Typing the password once instead of twice at boot up > > - Not having to type the password right after a call hang up > > Are these options planned for a future update? > > If you have a reasonably secure password full device encryption is rather > unusable as it is. > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/android-security-discuss/-/Wu4BDMt7InwJ. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
