Project

General

Profile

Feature #16998

Persistence feature: administration password

Added by sajolida 25 days ago. Updated 25 days ago.

Status:
New
Priority:
Low
Assignee:
-
Category:
Persistence
Target version:
-
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Discuss
Blueprint:
Starter:
Affected tool:

Description

From the discussion on #15641, I felt the need to clarify whether having a persistence preset for the administration password is something we might want to do.

#15641 is about the screen locking password, which is the same as the administration password only when an administration password has been set. Otherwise, the screen locking password is chosen by the user on first use.

It's not clear to me whether we want a Persistence preset for the administration password as it means that either:

  • The user will have an administration password configured every time once they activated this feature. This goes against our advice of only setting up an administration password when needed as having an administration password set all the time might be a security risk.
  • The password is saved in the Persistence but the user still has to activate it in Tails Greeter every time they need it. This might not be worth the extra work.

Related issues

Related to Tails - Bug #15641: Persistence preset: screen locking password Confirmed 06/08/2018

History

#1 Updated by sajolida 25 days ago

  • Category set to Persistence

#2 Updated by sajolida 25 days ago

  • Related to Bug #15641: Persistence preset: screen locking password added

#3 Updated by intrigeri 25 days ago

It's not clear to me whether we want a Persistence preset for the administration password

I can think of use cases where this would be useful but I don't think it's worth the cost of the code (implementation, maintenance) + the slight UX regression for the vast majority of our users, who won't use this new option.

#4 Updated by op_mb 25 days ago

// you can get rid of the user boot assigned password anytime after completing a sudo task:

sudo rm -i /etc/sudoers.d/tails-greeter

// it will delete the file, effectively as if you started without specifying it
// so if sudo is needed for installing something, just run the line after, and its all good

#5 Updated by op_mb 25 days ago

also,

leaving tails with screen lock is just asking for Over the Shoulder Attacks

Also available in: Atom PDF