Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: unity-greeter (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to unity-greeter in Ubuntu.
https://bugs.launchpad.net/bugs/1057437
Title:
login UI is prone to exposing password
Status in Ayatana Design:
New
Status in “unity-greeter” package in Ubuntu:
Confirmed
Bug description:
The Unity login screen employs a single field that is used for both
login name and password entry. It's fairly easy to get confused as to
the current mode and enter your password when login name is expected,
thereby exposing your password to onlookers.
Here are some scenarios leading to this confusion:
* password re-entry (for general login) -- upon unsuccessful
password attempt, the user might assume that only password is being
reprompted, when actually the login name must be entered again.
* enumerated vs. general login -- the user may typically use his
enumerated login (where username selected and only password is typed)
and fail to notice that general login has been selected (perhaps by
another person tampering with the login screen). He'll type his
password when login name is expected.
For security reasons the login UI needs to be very explicit about what
fields are used for password. Textual indicators (e.g. grayed
"Password" placeholder in field) don't seem to be a distinctive enough
cue-- my guess is people don't pay attention to login screen text
beyond their first encounter. A spacial separation is warranted.
Using a single, modal field for both login and password appears
especially error prone.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ayatana-design/+bug/1057437/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
