[Trisquel-users] seahorse shows passwords without verification

ariel arielgnu at gmail.com
Mon May 9 22:07:57 CEST 2011


I just found out that, at least in firefox, you can establish a master
password that will prevent from showing you on screen the stored
passwords without it.

I do agree with what lcerf has said, but wouldn't be better to have this
things for seahorse too? That little extra of security won't do any harm
don't you think?

It had happened to me, many times, that friends of mine let me their
computer for a second just to make a quick fix. A bad friend will want
to see their social network, their email and such passwords first,
before their accounting and schedule. Should we be blaming the users for
been so careless? Couldn't the dev just add a seahorse master password?
I know it won't solve everything but wouldn't improve things?



On Sat, 2011-05-07 at 02:59 +0200, lcerf at gmail.com wrote:
> Again, if you apply what I wrote two messages ago (and it is really a matter  
> of seconds) you will be safe w.r.t. basic users. They will not only be able  
> to easily see the passwords in Seahorse but also those in Firefox, and your  
> personal accounting spreadsheets, and your personal agenda in Evolution,  
> and... Do you really want to make all your system check whether it is really  
> you before anything you do? No. Just create an invited user and (let the  
> screensaver) lock the screen when you leave (and lock the door of the room if  
> nobody is supposed to enter!).




More information about the Trisquel-users mailing list