[Breeze] [Bug 374074] Lock Screen: "Show Password" - lockscreen vulnerable to social engineering

Elias Probst bugzilla_noreply at kde.org
Fri Dec 23 11:07:24 UTC 2016


https://bugs.kde.org/show_bug.cgi?id=374074

--- Comment #5 from Elias Probst <mail at eliasprobst.eu> ---
(In reply to Kai Uwe Broulik from comment #4)
> From what I can tell the password field is disabled when it's still in grace
> period:
> 
> enabled: !authenticator.graceLocked

It's not disabled here… the cursor blinks from the very first moment in the
input field once the screen is locked.

Even if it was disabled, it would still provide a false sense of security:
when just briefly looking at the locked screen before leaving the workplace,
the visible password field tells me "this workplace is secure, I need to
enter a password to access it".

I'd strongly vote for completely hiding it and possibly even indicating the
"insecure grace status" in some way during the grace period.

Maybe some UX people could weigh in here?

-- 
You are receiving this mail because:
You are the assignee for the bug.