More clearly document day-to-day passwords/passphrase usage #74

Open
eloquence opened this issue Mar 10, 2021 · 2 comments
Comments

@eloquence
Member

eloquence commented Mar 10, 2021

In the context of routine usage, the user has to juggle:

  • FDE passphrase
  • OS password/passphrase
  • SecureDrop passphrase

In addition, they are routinely interrupted by a screensaver that prompts for a password, using a nonstandard UX that does not resemble common lock screen designs. The FDE passphrase and OS password/passphrase have to be typed without a "show password" feature to detect possible errors. The caps lock indicator on the screensaver password prompt is fairly subtle, as well.

For now, we should do what we can in the docs (and training slides) to make it clear what passwords/passphrases are involved in normal usage of the system, and include screenshots of the screensaver prompt as well so it does not come as a surprise.

@eloquence
Member Author

@gonzalo-bulnes Curious about your impressions here as you dig into setting up Qubes/SecureDrop Workstation; this could be a nice docs issue to collaborate on, as well.

@gonzalo-bulnes
Contributor

gonzalo-bulnes commented Mar 11, 2021

Thanks for the heads up @eloquence, I take note. Let me rephrase to check I'm understanding this correctly.

On the Qubes OS side, I get the full-disk encryption (FDE) and OS passphrases. I don't use the FDE passphrase too often but I suppose that depending on the circumstances we may suggest that journalists shut down their workstations when they leave them unattended, maybe a few times a day?

I assume that in addition to that we get the (one) SecureDrop passphrase only, because the Workstation uses split-GPG without a password on the key. Based on the UI copy, I know that (at least some) SD sessions get closed because of inactivity, so unless I'm missing something, we're talking about three passphrases that all get used fairly often. It is significant indeed.

Constraints

  • cannot display FDE passphrase
  • cannot change keyboard layout to type FDE passphrase
  • I haven't paid attention to the caps lock indicator of the FDE passphrase
  • cannot display OS passphrase
  • the caps lock indicator of the OS passphrase is easy to miss
  • the OS passphrase has a typing time constraint
  • arguably there is a lot of information on the prompt (animated indicator of remaining time, current date and time, username)

I haven't looked at the SD passphrase prompt yet.

I'll review the docs and keep this in mind when I start setting up the workstation 👍
