https://bugs.kde.org/show_bug.cgi?id=478076
Bug ID: 478076
Summary: Feature request : Add PAM module and mobile check to
provide biometric login to Linux PCs that don't have
hardware for it
Classification: Applications
Product: kdeconnect
Version: unspecified
Platform: unspecified
OS: Linux
Status: REPORTED
Severity: wishlist
Priority: NOR
Component: common
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Target Milestone: ---
SUMMARY
A lot of people love biometric auth, because of its speed, security and ease of
use.
But hardware is not always there by default on PCs and laptops (especially older
ones), and is rather expensive. For those who use multiple PCs and use/switch
very often, the use of a dedicated fingerprint reader is not very practical,
and fingerprint hardware keys are also expensive.
Today, the great majority of phone users have biometric auth (either touch or
face recognition).
Why not use it?
PROS & CONS
This could help for a lot of things:
- Speed for login, especially for those that have long passwords
- Speed for auth, for those who have tight security settings (I personally use
sudo a lot, and have to retype my password very often as I switch terminals a
lot, resetting the sudo timer)
- A great improvement for ease of use, so that when a password is prompted:
  1- the phone rings a notification
  2- the user unlocks his phone
  3- the app goes in the foreground (can be inspired from Google's 2FA)
  4- triggers biometric auth
  5- and allows login if biometrics succeeded.
But not only phones can be supported: other PCs can be used to allow login,
etc.
But this has some great drawbacks:
- You have to assume your allowed peripherals are secure enough to provide auth
login. This is a potential security weakness!
- You have to be aware of the fact that it allows external peripherals on the
network to allow authentication on your very own PC, allowing then physical
attackers to unlock your PC and leak your very own data (and others too via ssh
keys, admin passwords, etc.). This is a potential security vulnerability!
COMPONENTS
This feature request consists of 2 components:
- The first is a PAM module. This talks to peripherals that support biometric
login to ask for and receive authorization to proceed with the user auth on the PC
side.
- The second is a peripheral-side feature in the app, that talks to the PAM
modules (not directly I hope) and calls the appropriate biometric auth method
for the platform.
Please tell me if you have observations about this feature, improvements, or you
can just tell why this is great and which parts can help you in your everyday life.
I want to make clear that the security issues will be explained well enough to
the user when the setting is activated, so the user is aware of the security
issues that this creates.
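The request does not specify how the PAM module and the phone would exchange an approval. As an added example (not part of the report and not KDE Connect code), this sketch shows the host-side checks such a module would need so that an approval counts only when it comes from a paired device, for one specific login attempt, once, and within a short window. Assumptions: a per-device secret established at pairing, HMAC-SHA256 as the tag, a 30-second lifetime, and the hypothetical names `ApprovalVerifier` and `approval_tag`.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 30  # seconds an approval request stays valid (assumed value)


def approval_tag(key, nonce, user, service):
    """Tag the phone would compute only after its local biometric check passes."""
    # The nonce has a fixed length and comes first; NUL separates the other
    # fields, so the message cannot be re-split into a different user/service.
    msg = b"\x00".join([nonce, user.encode(), service.encode()])
    return hmac.new(key, msg, hashlib.sha256).digest()


class ApprovalVerifier:
    """Host-side state a PAM module would keep for pending approvals (hypothetical)."""

    def __init__(self, paired_keys, clock=time.monotonic):
        self.paired_keys = paired_keys  # device_id -> secret from pairing
        self.clock = clock
        self.pending = {}               # nonce -> (user, service, expires_at)

    def new_challenge(self, user, service):
        """Create a fresh random challenge bound to this user and PAM service."""
        nonce = secrets.token_bytes(32)
        self.pending[nonce] = (user, service, self.clock() + CHALLENGE_TTL)
        return nonce

    def verify(self, device_id, nonce, tag):
        """Return True only for a fresh, single-use approval from a paired device."""
        # pop() makes every challenge single use: a replayed approval finds
        # nothing, and any failed attempt consumes the challenge (fail closed).
        entry = self.pending.pop(nonce, None)
        key = self.paired_keys.get(device_id)
        if entry is None or key is None:
            return False
        user, service, expires_at = entry
        if self.clock() > expires_at:
            return False
        # The expected tag uses the user and service recorded on the host,
        # not values supplied by the peripheral.
        expected = approval_tag(key, nonce, user, service)
        return hmac.compare_digest(expected, tag)
```
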