authentication required prompt should specify why and use correct auth type
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu Terminal App |
Confirmed
|
Medium
|
Unassigned |
Bug Description
As a result of bug 1347010 the terminal app now requests authorization.
However after the terminal has loaded the user is prompted with a popup which states (verbatim):
Authentication required.
Enter password
This looks somewhat alarming even if you do have legitimate use of the phone. How about the following as a possible improvement:
Authentication required to access *terminal app*
(since this application can make significant changes to your phone).
Please re-enter your [password|pin].
Improvements over current dialog:
1) The application that is requesting authentication is specified. This atleast allays the users fears that it might be some sort of trojan attempting to steal their password.
2) A justification is provided to explain why the user needs to re-auth.
3) Prompt confirms that the user is being asked to re-authorise.
4) Prompt specifies correct auth type (pin rather than password).
Also, I wonder if this might be one of a potential class of apps which need this extra line of protection. If so, should the re-auth request be made before the app is actually launched to reduce the attack surface further?
In fact, maybe the existing auth screen should just be redisplayed with a message at the top specifying which app is requesting a re-auth and why?
description: | updated |
description: | updated |
Changed in ubuntu-terminal-app: | |
status: | New → Confirmed |
importance: | Undecided → Medium |