by joveian
2236 days ago
Personally, I don't like operating systems that train users to enter login credentials while using the system, as this increases the chance of someone capturing those credentials via spoofing. I used to think Firefox trying to protect the entered passwords made some sense, but I've been convinced it isn't really such a good idea. Better would be a full profile being protected (with all files encrypted), or just relying on an OS-level lock screen for inactivity lockout.

I'm not sure if the current system actually prevents recovering the passwords. Do they require this authorization even to use a show password option on a website or the equivalent effect via bookmarklet-style JavaScript? I suspect they don't, and it doesn't try to protect from intentional theft, only casual viewing of passwords. This might still be valuable for some people, but it would be more valuable to fully protect the profile. I worry that people will think they are more protected than they actually are and that this effect will be increased by the use of system login credentials.

Also, IMO the list of sites that you have passwords for should be treated as just as sensitive as the passwords themselves. I think, as is, you can often see the sites with accounts, visit them, and have the current password autofilled into the old password field of the change password dialog.

The "generate password" option is great, even though personally I would make it 21 characters rather than 15 (there might be an option for that?). IMO, no one should ever choose a password.

On mobile OSes, capabilities are enabled by default. Even Symbian already had such. OpenBSD utilizes pledge to minimize impact.