Shawn Walker wrote:
> On 24/06/07, Riny Qian <Riny.Qian at sun.com> wrote:
>> Shawn Walker wrote:
>> > Instead of a flat out password required on switch, by password
>> > required on switch after X seconds of inactivity could be done?
>> Yes, I think it could be done, but not secure. Would the extra
>> complexity bring us much value? Users may need to remember how
>> many seconds left for an inactive session? For simplicity, users
>> can just directly disable the secure switch.
> Well, that just turns of all security then. I'd rather feel somewhat
> safe knowing that if I walk away from a terminal for so long that it
> will be secure automatically after a specified time period.
Here you're still not 100% sure that it's secure, and as you said, it's
just "somewhat safe". The problem here is "how long", and it's not
secure by nature.