Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 21

Thread: Passwords visible in keyring

  1. #11
    Join Date
    Feb 2009
    Beans
    28

    Re: Passwords visible in keyring

    It is that configuring-an-account part that makes it so tricky. One example is RKWard, a very handy R GUI, but it took me forever to get it working. I tried it under the guest account, but it turns out to crash again as it used to do under my own account. Should have been more careful....

    I'm still hoping to find a "good enough for me" solution, comparable t the master-password in firefox

  2. #12
    Join Date
    Nov 2006
    Location
    Belgium
    Beans
    3,025
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Passwords visible in keyring

    Quote Originally Posted by lesser View Post
    Don't forget that they are all Windows users, so they are used to drive letters and if a drive letter is not there, they are helpless.

    I don't know if they can install keyloggers without the sudo password, but I don't believe people would go through so much trouble. I'm simply not that interesting. On the other hand, I do not want to advertise my passwords.

    I agree with bodhi.zazen, requiring a password to make stored passwords visible would be a good idea. I'm sure most users don't lock their computer when they go grab a cup of coffee. It takes only 5 s now to view all stored passwords. I would consider that a vulnerability.
    They don't actually need to install keyloggers - there are simpler methods than that, that only involve editing files your account has access to without sudo.

    You might also ask yourself if it's such a good idea to have one linux in an all windows team if you need to be able to swap computers. Or maybe you need a way of sharing work / info / ... without exchanging computers.
    That's a whole other discussion, I know, but it might actually be the underlying poblem.

    like bodhi.zazen said: the passwordless keyring is a minor issue compared to your insecure computing habits, but ok, maybe a password option might be a good idea. Should you / anyone using your account be allowed to reset that master pass ?

  3. #13
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: Passwords visible in keyring

    you can just copy over your settings for that tool to the other user account (and chown accordingly then).

    That's the good thing about having config files.

  4. #14
    Join Date
    Apr 2005
    Beans
    90

    Re: Passwords visible in keyring

    I have voiced my opinion about this in Firefox forum and yet it receive same reactions. I haven't though talk about keyrings that have similar behaviour which is "revealing password in cleartext"

    They told me that my insecure computing habits that should be fixed and I should put and entered master passwords everytime I opened Firefox.

    I agree with that both Firefox and keyrings will be very secure if master password were set and asked about. However us, the desktop users desire some balance between convenience and security, unlike servers or other highly secure setups that put security at the top.

    What we want is that there should be an option to put password-required-access to reveal the password in cleartext, instead of locking everything.

    I'm sorry if I use Firefox as the example since they behave similarly in making password in cleartext accessible easily through GUI.

    I think this is an important matter, especially for people who recently or will switch to open source application from windows, since this can literally make the box less insecure than windows. * imagine people can look directly at the password. Yeah..insecure computing habits, but still many people will do it like what they did in windows. Isn't it? "

    I love opensouce community for their hardwork and free as beer software. I shouldn't have asking( or complaining ? LOL ) for things that I use freely. But I think small matter like this will determined the future of opensource and linux desktop in the sense making linux more friendly and secure for everyone.

  5. #15
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Passwords visible in keyring

    Quote Originally Posted by hyapadi View Post
    I have voiced my opinion about this in Firefox forum and yet it receive same reactions. I haven't though talk about keyrings that have similar behaviour which is "revealing password in cleartext"

    They told me that my insecure computing habits that should be fixed and I should put and entered master passwords everytime I opened Firefox.

    I agree with that both Firefox and keyrings will be very secure if master password were set and asked about. However us, the desktop users desire some balance between convenience and security, unlike servers or other highly secure setups that put security at the top.

    What we want is that there should be an option to put password-required-access to reveal the password in cleartext, instead of locking everything.

    I'm sorry if I use Firefox as the example since they behave similarly in making password in cleartext accessible easily through GUI.

    I think this is an important matter, especially for people who recently or will switch to open source application from windows, since this can literally make the box less insecure than windows. * imagine people can look directly at the password. Yeah..insecure computing habits, but still many people will do it like what they did in windows. Isn't it? "

    I love opensouce community for their hardwork and free as beer software. I shouldn't have asking( or complaining ? LOL ) for things that I use freely. But I think small matter like this will determined the future of opensource and linux desktop in the sense making linux more friendly and secure for everyone.
    No real need for you to rant like this, you are making false generalizations.

    First, if you read my post I suggested this was a problem and that is should be reported as a bug.

    Second, you need to enter a password in Firefox to view stored passwords in clear text.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  6. #16
    Join Date
    Apr 2007
    Beans
    6

    Re: Passwords visible in keyring

    I whole-heartedly agree with the original poster.

    The fact that Seahorse simply allows you to view passwords is tremendously insecure.

    The main reason is that 90% of users don't even know that it's possible. I've been an avid Ubuntu user since Feisty and just found out about this functionality three months ago -- and totally by accident. I chanced on to it when I needed to change my default keyring password.

    The second reason is that people constantly step away from their computers for a moment or two to get coffee and forget to lock it. Sure, that's the user's fault. But the worst thing that should happen is that the user's email gets compromised.

    For someone to easily get the password to an Exchange server, for example, and thus domain credentials -- is terrifying.

    I'm now extremely paranoid about leaving my computer unlocked even after uninstalling Seahorse. (Are there other programs that do this same thing? I just don't know.) I'm not sure how to design it better. And I do understand that people will be annoyed at having to enter their password more than once. Regardless, the current design is flawed.

    This has already been reported as a "feature request". I checked when I first found the functionality. I personally think that it's a show-stopper.

  7. #17
    Join Date
    Apr 2005
    Beans
    90

    Re: Passwords visible in keyring

    @all
    I have received infraction for this post. I personally apologized for this.

    @seanman
    can I have the link for the "feature request" about this?

    Thanks

  8. #18
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Passwords visible in keyring

    Quote Originally Posted by hyapadi View Post
    @all
    I have received infraction for this post. I personally apologized for this.
    Thank you hyapadi, it took a lot of courage to post that and shows a lot of maturity.

    In recognition of your actions, I am going to reverse the infraction. Your post clearly shows you understand my message.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  9. #19
    Join Date
    Apr 2007
    Beans
    6

    Re: Passwords visible in keyring

    @hyapadi:

    Bug #189774 reported by Rocko on 2008-02-06
    "seahorse shows passwords without verification"

  10. #20
    Join Date
    Dec 2009
    Beans
    3

    Unhappy Re: Passwords visible in keyring

    I'm having a similar issue. We are not allowed to give our users the WIFI Code. We set it up for them and they should not be able to access it but the key ring allows them to see the code in plain text. and with out access to the keyring they cant access the WIFI. Its Simply a deal breaker for using Ubuntu in our environment.

Page 2 of 3 FirstFirst 123 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •