Nico Kadel-Garcia
2015-Jan-24 02:46 UTC
Usability issue when forced to change password when logging in to a system
On Fri, Jan 23, 2015 at 10:50 AM, Peter Stuge <peter at stuge.se> wrote:
> John Olsson M wrote:
>> it looks like OpenSSH does not cache and copy the authentication password
> ..
>> So I am wondering if there is any reason for doing like this?
>
> Data hygiene is one.

Also, in my opinion as more of an admin than a developer, any bug in a routine that stores passwords temporarily in plain text is *begging* to have a bug or get an unexpected modification that publishes the passwords somewhere else. Basically, never handle or store dangerous information that you don't *have* to store.
John Olsson M
2015-Jan-26 07:34 UTC
Usability issue when forced to change password when logging in to a system
On 2015-01-24 03:46, Nico Kadel-Garcia wrote:
> On Fri, Jan 23, 2015 at 10:50 AM, Peter Stuge <peter at stuge.se> wrote:
>> ...
>> So I am wondering if there is any reason for doing like this?
>> Data hygiene is one.
> Also, in my opinion as more of an admin than a developer, any bug in a
> routine that stores passwords temporarily in plain text is *begging* to
> have a bug or get an unexpected modification that publishes the
> passwords somewhere else. Basically, never handle or store dangerous
> information that you don't *have* to store.
>

There is always a need to strike a balance between security and usability. Sometimes it is missed that good usability also gives good security...

What about changing the dialog like this? (The instructions match better what it is the system wants the user to actually do, that is, first enter the old password and then start thinking about the new password.)

Login As: Foobar
Password:
Your password has expired. Retype your old password.
Old Password:
Choose a new password.
New Password:
Retype your new password
New Password:

Could this be implemented without the need for caching any password (old or new) in clear text?

/John
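One way to build the dialog John sketches so that no password is held beyond the step that needs it, as an added C example that is not from this thread and not OpenSSH's own code; the callback types, secure_wipe and the scripted demo account are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define PW_MAX 128
/* Callbacks (assumed): prompt fills buf with a NUL-terminated answer (echo off on
 * a real terminal) and returns 0; the plaintext exists only inside verify/set. */
typedef int (*prompt_fn)(const char *label, char *buf, size_t len, void *ctx);
typedef bool (*verify_fn)(const char *pw, void *ctx);
typedef int (*set_fn)(const char *pw, void *ctx);
/* Wipe a buffer in a way the compiler may not optimise away. */
static void secure_wipe(char *buf, size_t len) {
    volatile char *p = buf;
    while (len--) *p++ = 0;
}
/* The expired-password dialog from the thread; each buffer is wiped as soon as the step
 * needing it is done. Returns 0 on success, 1 wrong old password, 2 mismatch, -1 error. */
int expired_password_dialog(prompt_fn prompt, verify_fn verify_old, set_fn set_new, void *ctx) {
    char old_pw[PW_MAX] = {0}, new1[PW_MAX] = {0}, new2[PW_MAX] = {0};
    int rc = -1; bool ok;
    puts("Your password has expired. Retype your old password.");
    if (prompt("Old Password: ", old_pw, sizeof old_pw, ctx) != 0) goto out;
    ok = verify_old(old_pw, ctx);
    secure_wipe(old_pw, sizeof old_pw);   /* verified: the old password is never needed again */
    if (!ok) { rc = 1; goto out; }
    puts("Choose a new password.");
    if (prompt("New Password: ", new1, sizeof new1, ctx) != 0) goto out;
    puts("Retype your new password");
    if (prompt("New Password: ", new2, sizeof new2, ctx) != 0) goto out;
    if (strcmp(new1, new2) != 0) { rc = 2; goto out; }
    rc = set_new(new1, ctx) == 0 ? 0 : -1;
out:
    secure_wipe(old_pw, sizeof old_pw);   /* covers the early-exit paths too */
    secure_wipe(new1, sizeof new1);
    secure_wipe(new2, sizeof new2);
    return rc;
}

/* Constructed demo: scripted answers replace the terminal; a plain string replaces the stored hash. */
struct demo { const char *answers[3]; int next; const char *stored; int changed; };
static int demo_prompt(const char *label, char *buf, size_t len, void *ctx) {
    struct demo *d = ctx; (void)label;
    if (d->next >= 3) return -1;
    return snprintf(buf, len, "%s", d->answers[d->next++]) < 0 ? -1 : 0;
}
static bool demo_verify(const char *pw, void *ctx) { return strcmp(pw, ((struct demo *)ctx)->stored) == 0; }
static int demo_set(const char *pw, void *ctx) { (void)pw; ((struct demo *)ctx)->changed = 1; return 0; }
int run_demo(const char *old_pw, const char *new1, const char *new2) {
    struct demo d = { { old_pw, new1, new2 }, 0, "correct-old-pw", 0 };
    return expired_password_dialog(demo_prompt, demo_verify, demo_set, &d);
}
```

Moving the wipe of old_pw to the very end instead would keep the old password alive across the new-password prompts, which is exactly the retention the thread argues against.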
Peter Stuge
2015-Jan-26 11:33 UTC
Usability issue when forced to change password when logging in to a system
John Olsson M wrote:
> What about changing the dialog like this? (The instructions match better

I think there's a good case to be made for OpenSSH to not provide any instructions at all unless it is in charge of the dialog itself.

Have you checked that the current instructions are actually output by OpenSSH? The string seems to be in openbsd-compat/bsd-cray.c inside #ifdef _UNICOS

> Login As: Foobar
> Password:
> Your password has expired. Retype your old password.

I'd argue simply for "Your password has expired."

> Old Password:
> Choose a new password.
> New Password:
> Retype your new password
> New Password:

> Could this be implemented without the need for caching any password

Why don't you try? All arguments are better received with a patch.

//Peter