[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: KWallet integration
From: Waldo Bastian <bastian () kde ! org>
Date: 2003-09-04 10:30:13
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thursday 04 September 2003 11:32, Martin Konold wrote:
> Am Thursday 04 September 2003 11:08 am schrieb Stephan Kulow:
>
> Hi,
>
> > > Your goal is impossible to be reached!
> >
> > Well, sure. It's all about the right limits. There is a difference
> > between a) installing trojan horses and steal your passphrase
> > and
> > b) click in kmail/kgpg
>
> Yes, I understand this difference but what is the advantage of putting the
> obstacle into kwallet instead of the screensaver?
I think they should be coupled:
Activation of the screensaver should be a trigger condition for kwallet (or
any other password storage mechanism) to (optionally) require
reauthentication (or forget any stored password)
The setting for that is closesly related to the setting of whether you want
your screensaver to ask for reauthentication (lock). E.g. some common
combinations could be:
* No password on screensaver but kwallet requires reauthentication after
screensaver has been activated. (Your housemates can share your computer but
not your credit card)
* Password on screensaver, but kwallet does not require reauthentication.
(Other people are not supposed to use your computer anyway and you don't want
to keep retyping your wallet password)
* Password on screensaver and kwallet requires reauthentication.
(You are either very paranoid or a small subset of people are allowed to
access your account but not your credit card)
Even if kwallet would require authentication every time a certain password was
used it would still have the benefit that you would only need to remember
this single password and not the 7 different passwords that you have for 7
different sites.
Cheers,
Waldo
- --
bastian@kde.org -=|[ SuSE, The Linux Desktop Experts ]|=- bastian@suse.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE/VxQ1N4pvrENfboIRAuVRAKCYA2flZCZse1zbAmT50ZXWfIBnrACglqwA
ZHNSLpfMwvJWTR0HFKxijvk=
=M5hK
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic