[System Settings] [design] allow Passcodes of variable length instead of just 4 digits
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-system-settings (Ubuntu) |
Expired
|
High
|
Unassigned | ||
unity8 (Ubuntu) |
Expired
|
High
|
Unassigned |
Bug Description
Currently when setting a Passcode on the device, it must be 4 digits. This is artificially limiting. Other platforms (eg Android) allow longer Passcodes. It has always been my understanding that we should support Swipe, Passphrase and Passcode where Passphrase and Passcode can be arbitrarily long.
However, once longer Passcodes are supported, we will have to add an Enter key. Right now, the lockscreen checks the Passcode once 4 digits are added so that you don't have to press Enter. I guess this was done for usability, but would be a security issue because an attacker can easily determine the Passcode length, which makes it easier to for an attacker to guess the Passcode. Eg, if I have a 5 digit Passcode set, then an attacker need only type '11111' and know that the Passcode is only five characters. Now, a Passcode isn't strong to begin with and an automated attack could rather quickly brute force Passcodes, but we shouldn't make it easier for someone manually trying to guess the Passcode.
The passphrase lockscreen prompt correctly allows variable length passphrases and requires you to press Enter.
I suggest moving the 'X' up t the left of '0' and an Enter symbol to the rigth of '0'.
Changed in unity8 (Ubuntu): | |
importance: | Undecided → High |
summary: |
- require 'Enter' key when entering PIN + please allow PINs of variable length and require 'Enter' key when + entering PIN |
tags: | removed: rtm14 |
description: | updated |
tags: | added: rtm14 |
description: | updated |
summary: |
- please allow PINs of variable length and require 'Enter' key when - entering PIN + allow PINs of variable length instead of just 4 digits |
Changed in ubuntu-ux: | |
importance: | Undecided → High |
assignee: | nobody → Olga Kemmet (olga-kemmet) |
status: | New → Confirmed |
tags: | added: touch-2014-10-30 |
Changed in ubuntu-ux: | |
assignee: | Olga Kemmet (olga-kemmet) → Matthew Paul Thomas (mpt) |
Changed in ubuntu-ux: | |
status: | Confirmed → Triaged |
summary: |
- allow PINs of variable length instead of just 4 digits + [System Settings] allow PINs of variable length instead of just 4 digits |
summary: |
- [System Settings] allow PINs of variable length instead of just 4 digits + [System Settings, design] allow PINs of variable length instead of just + 4 digits |
summary: |
- [System Settings, design] allow PINs of variable length instead of just + [System Settings] [design] allow PINs of variable length instead of just 4 digits |
Changed in ubuntu-system-settings (Ubuntu): | |
assignee: | nobody → Pat McGowan (pat-mcgowan) |
importance: | Undecided → High |
status: | New → Confirmed |
assignee: | Pat McGowan (pat-mcgowan) → nobody |
tags: |
added: touch-2014-11-13 removed: touch-2014-10-30 |
tags: |
added: ota-2 removed: touch-2014-11-13 |
Changed in unity8 (Ubuntu): | |
assignee: | nobody → Michael Zanetti (mzanetti) |
Changed in unity8 (Ubuntu): | |
status: | Confirmed → Incomplete |
Changed in ubuntu-system-settings (Ubuntu): | |
status: | Confirmed → Incomplete |
Changed in ubuntu-ux: | |
status: | In Progress → Confirmed |
Changed in ubuntu-ux: | |
status: | Confirmed → Triaged |
Changed in unity8 (Ubuntu): | |
assignee: | Michael Zanetti (mzanetti) → nobody |
no longer affects: | ubuntu-ux |
This (4 digit and auto-confirmation) was an explicit and reiterated design request. Added ubuntu-ux for reflection then.
FWIW the lockscreen will only allow you typing the PIN a few times before getting locked up for 5 minutes (or reboot...), that should help slightly with the robustness of the lock.