login UI is prone to exposing password

Reported by John Belmonte on 2012-09-27
This bug affects 3 people

Affects: Ayatana Design (importance: Undecided, assigned to: Unassigned)
Affects: unity-greeter (Ubuntu) (importance: Medium, assigned to: Unassigned)

Bug Description

The Unity login screen employs a single field that is used for both login name and password entry. It's fairly easy to get confused as to the current mode and enter your password when login name is expected, thereby exposing your password to onlookers.

Here are some scenarios leading to this confusion:

    * password re-entry (for general login) -- upon unsuccessful password attempt, the user might assume that only password is being reprompted, when actually the login name must be entered again.

    * enumerated vs. general login -- the user may typically use his enumerated login (where username selected and only password is typed) and fail to notice that general login has been selected (perhaps by another person tampering with the login screen). He'll type his password when login name is expected.

For security reasons the login UI needs to be very explicit about what fields are used for password. Textual indicators (e.g. grayed "Password" placeholder in field) don't seem to be a distinctive enough cue -- my guess is people don't pay attention to login screen text beyond their first encounter. A spatial separation is warranted. Using a single, modal field for both login and password appears especially error prone.

Robert Ancell (robert-ancell) wrote :

Adding design task to comment on this.

Changed in unity-greeter:
importance: Undecided → Low
importance: Low → Wishlist
Changed in unity-greeter (Ubuntu):
importance: Undecided → Wishlist
no longer affects: unity-greeter

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unity-greeter (Ubuntu):
status: New → Confirmed

Margarita Manterola (marga-9) wrote :

I've seen several users be affected by this (me included). It's particularly common for users to just expect to enter their password because that's what they normally do, while for some unknown reason the greeter is asking for the username instead (the enumerated vs general case above).

This is a security issue, not only because other people watching the screen might see the password being typed, but also because the failed username is logged to syslog in cleartext.

Please make it much clearer when asking username vs password.

Changed in unity-greeter (Ubuntu):
importance: Wishlist → Medium