Entering passphrase on a phone is annoying
17 views
Skip to first unread message
matej....@gmail.com
Jan 3, 2018, 2:23:17 PM1/3/18
to K-9 Mail
Hi,
I have read opened Github issues about sending encrypted-only e-mails, I also have read https://k9mail.github.io/2017/01/30/OpenPGP-Considerations-Part-II.html, and I perfectly understand the developer's reasoning when they decided to not allow sending encrypted-only e-mails.
But on the other side, it is very annoying for users to enter passphrase, which is in practice leading to that, that users:
- do not encrypt e-mails at all;
- use short (weak) passphrases;
- set passphrase to empty.
In each case the result is quite opposite of what developers wanted - now we have even less secure users. OK, there is another option - users on mobile phones are just moving towards Signal app use (which is not bad at all).
So my question is - is it possible to design ux in such a way, that unlocking key won't be annoying (or be at least less annoying), while e-mails sent will be encrypted and signed? I have read there has been thinking about unlock pattern, maybe there is some other option, but entering long passphrases is really not an option.
Regards,
M.
I have read opened Github issues about sending encrypted-only e-mails, I also have read https://k9mail.github.io/2017/01/30/OpenPGP-Considerations-Part-II.html, and I perfectly understand the developer's reasoning when they decided to not allow sending encrypted-only e-mails.
But on the other side, it is very annoying for users to enter passphrase, which is in practice leading to that, that users:
- do not encrypt e-mails at all;
- use short (weak) passphrases;
- set passphrase to empty.
In each case the result is quite opposite of what developers wanted - now we have even less secure users. OK, there is another option - users on mobile phones are just moving towards Signal app use (which is not bad at all).
So my question is - is it possible to design ux in such a way, that unlocking key won't be annoying (or be at least less annoying), while e-mails sent will be encrypted and signed? I have read there has been thinking about unlock pattern, maybe there is some other option, but entering long passphrases is really not an option.
Regards,
M.
David W. Jones
Jan 3, 2018, 2:50:27 PM1/3/18
to k-9-...@googlegroups.com
Well, Keepass2 Android password manager allows you to unlock your already-unlocked password store using the last 4 (which is userr-customizable) characters of the passphrase. Maybe K9 could handle things similarly?
David W. Jones
gnome...@gmail.com
wandering the landscape of god
http://dancingtreefrog.com
Sent from my Android device with K-9 Mail.
gnome...@gmail.com
wandering the landscape of god
http://dancingtreefrog.com
Sent from my Android device with K-9 Mail.
Matej Kovacic
Jan 3, 2018, 2:59:48 PM1/3/18
to k-9-...@googlegroups.com
David W. Jones je napisal(a):
K9 now caches passphrase, but I don't like this idea (passwords to be
cached), because someone else can use (abuse) your key. A lot of users
do not use screen lock, or you put down your phone and screen lock is
not yet activated, or someone grabs a phone from you... and then the
attacker can read your emails or even send fake GPG signed and encrypted
mails.
Maybe there should be another setting:
- enter passphrase each time;
- enter passphrase once (until cancellation or reboot), and then cache it;
- enter passphrase once, cache it, but for unlocking cache require PIN
or pattern.
In last case, if someone grabs a phone from you while it is unlocked, he
will still need a PIN or pattern to read emails (and after some
unsuccessfull attempts, cache should be cleared).
Comments?
Regards,
M.
> Well, Keepass2 Android password manager allows you to unlock your
> already-unlocked password store using the last 4 (which is
> userr-customizable) characters of the passphrase. Maybe K9 could handle
> things similarly?
Well, this is not so bad idea.
> already-unlocked password store using the last 4 (which is
> userr-customizable) characters of the passphrase. Maybe K9 could handle
> things similarly?
K9 now caches passphrase, but I don't like this idea (passwords to be
cached), because someone else can use (abuse) your key. A lot of users
do not use screen lock, or you put down your phone and screen lock is
not yet activated, or someone grabs a phone from you... and then the
attacker can read your emails or even send fake GPG signed and encrypted
mails.
Maybe there should be another setting:
- enter passphrase each time;
- enter passphrase once (until cancellation or reboot), and then cache it;
- enter passphrase once, cache it, but for unlocking cache require PIN
or pattern.
In last case, if someone grabs a phone from you while it is unlocked, he
will still need a PIN or pattern to read emails (and after some
unsuccessfull attempts, cache should be cleared).
Comments?
Regards,
M.
David W. Jones
Jan 4, 2018, 3:16:44 AM1/4/18
to k-9-...@googlegroups.com
back, it demands either the "QuickUnlock" entry I mentioned above, or
the full passphrase (option is user configurable).
Keepass2 Android also implements its own Android keyboard and clipboard,
so other applications cannot read any passwords from the clipboard.
I don't know how any of that fits into how K9 could handle a passphrase
for encrypting emails, though.
--
Reply all
Reply to author
Forward
0 new messages