updated PIN -> Passcode ** Summary changed:
- [System Settings] [design] allow PINs of variable length instead of just 4 digits + [System Settings] [design] allow Passcodes of variable length instead of just 4 digits ** Description changed: - Currently when setting a PIN on the device, it must be 4 digits. This is - artificially limiting. Other platforms (eg Android) allow longer PINs. - It has always been my understanding that we should support Swipe, - Passphrase and PIN where Passphrase and PIN can be arbitrarily long. + Currently when setting a Passcode on the device, it must be 4 digits. + This is artificially limiting. Other platforms (eg Android) allow longer + Passcodes. It has always been my understanding that we should support + Swipe, Passphrase and Passcode where Passphrase and Passcode can be + arbitrarily long. - However, once longer PINs are supported, we will have to add an Enter - key. Right now, the lockscreen checks the PIN once 4 digits are added so - that you don't have to press Enter. I guess this was done for usability, - but would be a security issue because an attacker can easily determine - the PIN length, which makes it easier to for an attacker to guess the - PIN. Eg, if I have a 5 digit PIN set, then an attacker need only type - '11111' and know that the PIN is only five characters. Now, a PIN isn't - strong to begin with and an automated attack could rather quickly brute - force PINs, but we shouldn't make it easier for someone manually trying - to guess the PIN. + However, once longer Passcodes are supported, we will have to add an + Enter key. Right now, the lockscreen checks the Passcode once 4 digits + are added so that you don't have to press Enter. I guess this was done + for usability, but would be a security issue because an attacker can + easily determine the Passcode length, which makes it easier to for an + attacker to guess the Passcode. Eg, if I have a 5 digit Passcode set, + then an attacker need only type '11111' and know that the Passcode is + only five characters. Now, a Passcode isn't strong to begin with and an + automated attack could rather quickly brute force Passcodes, but we + shouldn't make it easier for someone manually trying to guess the + Passcode. The passphrase lockscreen prompt correctly allows variable length passphrases and requires you to press Enter. I suggest moving the 'X' up t the left of '0' and an Enter symbol to the rigth of '0'. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1363214 Title: [System Settings] [design] allow Passcodes of variable length instead of just 4 digits To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-ux/+bug/1363214/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
