[Bug 878906] Re: Not obvious that giving your account a password is not physical security

Matthew Paul Thomas mpt at canonical.com
Mon Oct 22 09:03:32 UTC 2012


If the "Encrypt the new Ubuntu installation for security" checkbox
explained that a password alone isn't physical security, and if people
would remember that explanation by the time they arrived at the "Who are
you?" step, that would be enough. But I don't think either of those is
the case. This needs a little design work.

** Changed in: ubiquity (Ubuntu)
       Status: Fix Released => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/878906

Title:
  Not obvious that giving your account a password is not physical
  security

Status in “gnome-control-center” package in Ubuntu:
  Triaged
Status in “ubiquity” package in Ubuntu:
  Confirmed

Bug description:
  If you have a user account with a password, someone with physical
  access to your computer can still access your account by holding down
  Shift during startup, choosing recovery mode, and changing your
  password.

  This is an intractable problem. For example, from Microsoft's "10
  immutable laws of security": "If a bad guy has unrestricted physical
  access to your computer, it's not your computer anymore".
  <http://technet.microsoft.com/en-gb/library/cc722487.aspx#EIAA>

  However, probably it isn't obvious to a non-professional that a
  password alone isn't enough to secure their stuff.

  So perhaps, wherever Ubuntu lets you set a password (Ubiquity, System
  Settings "User Accounts"), it should contain a brief (very brief)
  explanation of this. Something like: "A password doesn’t protect
  against someone with physical access to the computer."




