Saturday, January 8, 2011

Secure While Away From Keyboard

Security is something we all value and treasure. We like knowing the front door to our home is locked when we are in the city, we appreciate the safety of our valuables in our vehicles, and we are strict guardians of our privacy. If you use Linux, there may be a gap you are not aware of, just as I was not aware of it.

If you use wireless, an email client, a chat client, or anything else for which the system might ask whether you want to save your password (or, in my case, doesn't ask), you could be vulnerable to having your passwords retrieved while you are absent. What am I talking about? Seahorse, the program that manages your passwords and encryption keys, sometimes by default leaves your passwords in an accessible, unlocked state in a folder called login. From there, on my system, I can retrieve my passwords for my Google and Hotmail accounts. This is rather discomforting for someone like me, since I am a network administrator. If my passwords get leaked, that could mean serious trouble.


For the past month or two I have been paranoid about this discovery, which has resulted in my promptly locking my laptop's screen until my return. It's a good policy anyway, and I will continue to do it, but you can also have a password required to use the keyring by right-clicking on this folder and telling it to lock. The password to unlock it or use the keyring is your user account password. You can change this password, which I have done to enhance security.


This makes me feel a little easier about my passwords and should help me sleep better in the future. I hope it does the same for you. I will mention more things you can do to keep the system secure in another article.

Update: January 13, 2011

Apparently, every time you type in the password it unlocks that folder. For a little while I felt more secure. I am still looking into how to lock this program up, and there has been some discussion on the Seahorse mailing list about implementing password protection for viewing passwords: http://mail.gnome.org/archives/seahorse-list/2009-November/msg00005.html

Update: March 27, 2013

I just read this blog post, which states the issues with having password protection on the Keyring or in Seahorse itself. In summary, if they did that, you would have to enter your password any time an application needs access to the keyring, and Seahorse password protection alone would provide a false sense of security. The solution is to lock your screen before you leave, which is what I have done for the past two years, with the exception of Fedora 15, when lock was broken. Since I was one of a few Linux users in my environment, I switched to the terminals you can get to using Ctrl+Alt+F1-6. Only two or three people knew what they were looking at when I did that, so it was reasonably safer but not entirely.
