[Breeze] [Bug 374074] Lock Screen: "Show Password" - lockscreen vulnerable to social engineering

[Elias Probst]

https://bugs.kde.org/show_bug.cgi?id=374074

--- Comment #5 from Elias Probst <mail at eliasprobst.eu> ---
(In reply to Kai Uwe Broulik from comment #4)
> From what I can tell the password field is disabled when it's still in grace
> period:
> 
> enabled: !authenticator.graceLocked

It's not disabled here… the cursor blinks from the very first moment in the
input field once the screen is locked.

Even if it was disabled, it would still provide a false sense of security, as
seeing a password field when just briefly looking at the locked screen before
leaving the workplace, the visible password field tells me "this workplace is
secure, I need to enter password to access it".

I'd strongly vote for completely hiding it and possibly even indicating the
"insecure grace status" in some way during the grace period.

Maybe some UX people could weigh in here?

-- 
You are receiving this mail because:
You are the assignee for the bug.