GNOME Bugzilla – Bug 576676
“Automatically unlock when I log in” considered harmful
Last modified: 2021-06-18 10:40:47 UTC
Whenever gnome-keyring asks for the passphrase to unlock a key, it also presents the “automatically unlock this ... when I log in” checkbox. I find this annoying for the two usual reasons we usually discourage this kind of UI: - it’s easy to enable this by mistake - it’s not obvious how to revert this change It should be made as easy as possible to enable/disable this for each key in seahorse-preferences – and currently it is not – instead of showing this dangerous UI.
Yes, good catch, this is planned for 2.28.
This is specifically a critical security issue since the checkbox happens to be preselected by default (since at least two years). > - it’s easy to enable this by mistake That means due to bug #740734/#725641 it does not even require an uncautious user or even an unconscious click by an expert user. Currently the user must uncheck the checkbox everytime to retain the same level of security.
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org. As part of that, we are mass-closing older open tickets in bugzilla.gnome.org which have not seen updates for a longer time (resources are unfortunately quite limited so not every ticket can get handled). If you can still reproduce the situation described in this ticket in a recent and supported software version, then please follow https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines and create a new ticket at https://gitlab.gnome.org/GNOME/gnome-keyring/-/issues/ Thank you for your understanding and your help.