Currently, Ubuntu will by default require the user's login password when a program (Empathy or Gwibber, for instance) attempts to access the system keyring, unless the user entered her\his password when logging in. I'm guessing this was done for security, to prevent unauthorized users from accessing important user passwords. However, there are a number of reasons why this is ineffective:
- *It doesn't apply to FireFox or (In UNE Maverick) Chrome.* Normally, these applications store far more important passwords than the system keyring. - *It provides no protection from malware*, since malware can just display a fake keyring password dialog. - If an unauthorized user obtains access *after the user has already unlocked the keyring, the protection is lost.* (My guess is that most users that use the keyring unlock it shortly after login; but I have no real data on this) The better solution for security-conscious users is to enable home directory encryption, which not only protects keyring passwords, but also documents and Firefox\Chrome passwords. Therefore, requiring a user password for the keyring is nearly useless; and it's annoying to have to enter one's password when launching Gwibber\Empathy, particularly if they run on startup. Based on these reasons, it might be a good idea to use unsafe storage for passwords by default, with a good way to turn it on for those users that want it.
_______________________________________________ Mailing list: https://launchpad.net/~ayatana Post to : [email protected] Unsubscribe : https://launchpad.net/~ayatana More help : https://help.launchpad.net/ListHelp
