[OOBE] please provide passcode/passphrase in intial setup screen

Bug #1348362 reported by Jamie Strandboge
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Ubuntu UX
Fix Released
Critical
Olga Kemmet
ubuntu-system-settings (Ubuntu)
Fix Released
High
Michael Terry

Bug Description

Ubuntu Touch will soon have/now has the ability to set a PIN/password for the user. This should be configurable via the initial setup screen per Phone Delivery requirements. How this looks needs design, but the basic idea are there are 3 choices for the user: PIN, password and no password. PIN should be the default and appropriate language should be used for discouraging setting the device with no password. This is a requirement for RTM.

For a future consideration: an 'encrypt user data' option should be available when the user sets a password (but not a PIN, since using a PIN for an encryption key is not a useful security measure).

Related branches

Changed in ubuntu-system-settings (Ubuntu):
importance: Undecided → High
tags: added: rtm14
John Lea (johnlea)
Changed in ubuntu-ux:
assignee: nobody → Olga Kemmet (olga-kemmet)
importance: Undecided → High
status: New → Triaged
Changed in ubuntu-system-settings (Ubuntu):
importance: High → Critical
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Olga, can you mark your task as 'Critical' when you get a chance? (Updating rtm14 tagged bugs with what others are doing).

Michael Terry (mterry)
Changed in ubuntu-system-settings (Ubuntu):
assignee: nobody → Michael Terry (mterry)
Revision history for this message
John Lea (johnlea) wrote :

@jdstrand; Olga is working on this atm

Changed in ubuntu-ux:
importance: High → Critical
summary: - please provide PIN/password in intial setup screen
+ [OOBE] please provide PIN/password in intial setup screen
Revision history for this message
Launchpad Janitor (janitor) wrote : Re: [OOBE] please provide PIN/password in intial setup screen

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ubuntu-system-settings (Ubuntu):
status: New → Confirmed
Revision history for this message
Michael Terry (mterry) wrote :

I've got an unattractive but functional version in a merge proposal now. When Olga gets me beautiful visual designs, I can improve with a second iteration.

Changed in ubuntu-system-settings (Ubuntu):
status: Confirmed → In Progress
Changed in ubuntu-ux:
status: Triaged → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-system-settings - 0.3+14.10.20140812.3-0ubuntu1

---------------
ubuntu-system-settings (0.3+14.10.20140812.3-0ubuntu1) utopic; urgency=low

  [ Ken VanDine ]
  * [battery] Updated based on latest designs, switching from brightness
    slider to progression which loads the brightness plugin.
    [brightness] Moved BrightnessSlider component to brightness plugin,
    since it's now only used in one place. (LP: #1289470)

  [ Sebastien Bacher ]
  * system-update: tweaks to the "no update available" label (LP:
    #1348568)

  [ William Hua ]
  * Use gsettings-qt in language panel.
  * Add auto-punctuation and keyboard vibration options. Also fix auto-
    completion to be auto-correction per spec. (LP: #1352398)

  [ Michael Terry ]
  * Implement a lock security page in the wizard. This page is super
    ugly right now and just the bare bones functionality needed to set a
    passcode or otherwise. Design is working on final visual design and
    we will update later. (LP: #1348362)

  [ jonas-drange ]
  * [cellular] uis for default SIM settings
  * [cellular] use expandable to show/hide sim editor and put the sim
    editor in a Loader element to optimize single sim setups
 -- Ubuntu daily release <email address hidden> Tue, 12 Aug 2014 19:23:51 +0000

Changed in ubuntu-system-settings (Ubuntu):
status: In Progress → Fix Released
Changed in ubuntu-ux:
status: In Progress → Fix Committed
Revision history for this message
Olga Kemmet (olga-kemmet) wrote :

As already mentioned to M. Terry: A passphrase option should't be included into the OOBE experience. It is enough asking the user to set a PIN for basic security. If a user is very concerned about personal data and would like to secure it further via encryption/passphrase, this option is available by simply going into the system settings. Plus, there is no personal data to protect if the phone was just booted out of the box

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I disagree with this assessment, it is counter to the future converged experience and I'm not comfortable giving security signoff for this (it does not meet requirements set out in https://wiki.ubuntu.com/SecurityAndPrivacySettings/ProtectingUserData: "Provide configurable PIN/password support (should support both a PIN and password)").

In the OOBE, we should default to PIN, but allow passphrase for heightened security and swipe to unlock for no security. I don't particularly care how this is presented in the UI so long as PIN is default and swipe to unlock conveys something about data not being protected. Users wanting heightened security should not have to set a throwaway PIN to then have to hunt for how to change it-- this is a bad user experience and we will likely be criticized in reviews.

Furthermore, next cycle we plan to have encrypted user data and selecting encrypted user data will need to be part of the OOBE and a PIN will not be allowed for use with encrypted user data (the 'protections' in this case would be specious).

Lastly, for a fully converged experience, users will not want to use a PIN to protect their desktop and we will need to accommodate for that.

Considering all of this, we should support passphrase as opt-in.

Changed in ubuntu-ux:
status: Fix Committed → In Progress
Changed in ubuntu-ux:
status: In Progress → Fix Released
Revision history for this message
Michael Terry (mterry) wrote :

We don't have the final designs yet, so shouldn't the ubuntu-ux task be in progress?

Revision history for this message
Olga Kemmet (olga-kemmet) wrote :

That is correct. I changed it back to IN PROGRESS because new visuals are still missing.

Changed in ubuntu-ux:
status: Fix Released → In Progress
Revision history for this message
Benjamin Keyser (bjkeyser) wrote :

The visuals are in development now and will be delivered on Monday.

Revision history for this message
kevin gunn (kgunn72) wrote :

thanks, just put unity8 back to "new" and we'll get it lined up
and lowering the priority since we have something in place.

Changed in ubuntu-system-settings (Ubuntu):
importance: Critical → High
Michael Terry (mterry)
Changed in ubuntu-system-settings (Ubuntu):
status: Fix Released → New
Michael Terry (mterry)
Changed in ubuntu-system-settings (Ubuntu):
status: New → In Progress
tags: added: touch-2014-10-16
Revision history for this message
Antti Kaijanmäki (kaijanmaki) wrote :

please note the final resolution on "PIN code" vs. "Passcode":
https://bugs.launchpad.net/unity8/+bug/1361114/comments/23

Revision history for this message
kevin gunn (kgunn72) wrote :

@Giorgio 10/16 should be ok

Revision history for this message
Michael Terry (mterry) wrote :

@Antti, this branch does revert to passcode.

summary: - [OOBE] please provide PIN/password in intial setup screen
+ [OOBE] please provide passcode/passphrase in intial setup screen
Changed in ubuntu-ux:
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-system-settings - 0.3+14.10.20141010-0ubuntu1

---------------
ubuntu-system-settings (0.3+14.10.20141010-0ubuntu1) utopic; urgency=low

  [ Michael Terry ]
  * Complete the unlock security screens and update a host of other
    small design issues. (LP: #1365034, LP: #1348362) (LP: #1365034,
    #1348362)
 -- Ubuntu daily release <email address hidden> Fri, 10 Oct 2014 18:02:19 +0000

Changed in ubuntu-system-settings (Ubuntu):
status: In Progress → Fix Released
Changed in ubuntu-ux:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.