Bug 149403

Summary: Wallet should require re-authentication before revealing passwords
Product: [Applications] kwalletmanager Reporter: Jasper <jasper.noid>
Component: general Assignee: George Staikos <staikos>
Status: RESOLVED DUPLICATE    
Severity: wishlist    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
Latest Commit: Version Fixed In:

Description Jasper 2007-08-31 04:48:38 UTC
Version:           1.1 (using KDE KDE 3.5.6)
Installed from:    Unlisted Binary Package

At the risk of causing offense, I want to bring to renewed attention the issue that was worded differently in Bug 80063 some 2 years ago. At the time the point was made that the wallet shouldn't show the passwords in plain text. I'd like to rephrase the issue in the hope of convincing someone that this is worthy of attention.

In my opinion (and also in the opinion of a commenter on the original bug), the wallet should require *re-authentication* before showing the passwords. I believe re-authentication before exposing security settings to be a fairly standard practice: Yahoo mail, for example, requires it before allowing a password change.

The issue is that without the wallet requiring re-authentication, leaving one's desktop unlocked becomes an unnecessarily great liability. If I leave my desktop but the wallet requires authentication, a malicious party with physical access to my computer can essentially access anything that my wallet allows access to - but only for the duration of my absence, because he/she will have to scurry when I return from my coffee/bathroom break. However, in its current form the wallet doesn't require re-authentication before revealing account details, so now the evil party can open up my wallet, jot down the account details and take off to later abuse my accounts at his leisure from the comfort of his home - without me even knowing it.

To be frank, this risk is too great for me. Yes, obviously I should lock my desktop, but to forget is only human. I don't think it is reasonable to justify leaving a security issue unaddressed just because users with perfect unfailing memories aren't affected by it. I am frankly a bit surprised that the original bug was rejected, especially because it seems the re-authentication I am proposing here would fix it in a clean and simple way. Also I don't get the point made in the original bug that for any scheme there is a 30-second hack to counter it; what 30-second hack circumvents re-authentication?

Comment 1 Michael Leupold 2008-05-06 23:52:13 UTC
While cleaning up bugs I recognized there were quite some reports about that. Closing this as the other one is older.

*** This bug has been marked as a duplicate of 147873 ***