Actually this is very convenient because I thought of something that I thought was STUPID about my Android. So perhaps it can be addressed on the Librem 5.
If I recall (it was a long time ago) the phone arrived in a mode that if you shut the screen off by pressing the side button, it would go into lock screen. That could be disabled, in favor of having it time out on inactivity…but then there was no way to FORCE it to lock early. (And I tried in vain to find an app or widget to do that; problem is searching for lockscreen brings up a LOT of other things like being able to control X, Y or Z from the lockscreen–useless.) A widget that, when pressed, locks the phone would, I think, be a good idea.
“what will the lock screen be ?” it can be whatever you want - it’s your phone - the limit is you (you are not in any way forced to use this or that - if you know HOW you can change it)
The lock screen is pretty integral to the OS. Sure I could set the screen to never lock and then write my own lock screen app to do what I am talking about but it will probably be a very imperfect solution compared to something baked into the OS.
Not really. The lock screen is just a program that runs on the OS. Each different graphical shell tends to supply its own lock screen and it tends to be fairly easy to change it. However, I expect the few alternative options currently available are all fairly conventional in terms of authentication methods, though there is support for theming, to customise the appearance.
Having said that, writing a new lock screen from scratch is not a project I’d take lightly. I’m sure there have been loads of lessons learned over the years, which it would be unwise to ignore. No doubt my first attempt would be easily circumvented by some trivial keypresses!
You can use the existing code as a model, and just change the number pad for something else. I bet someone from the community will do it pretty quickly once Evergreen is released if Purism doesn’t provide an option to select the type of lock screen.
I don’t get it. Obviously if someone records your screen while typing password that could compromise it. BB10’s picture password was at least a little dynamic. Random number positioning, and I think sensitivity(?). Plus you could change the number/picture daily if you so desired.
Granted with encryption you got about 5 tries before having to enter a regular password else it security wipes the phone. It was just for convenience. Better than a short pin though, or playing with swiping dots.
Yes, all that is acknowledged. The question was not so much: Is picture password more secure than a straight PIN (in the face of ubiquitous surveillance)? Yes, picture password should be more secure.
But rather: How much more secure is it?
However note @reC’s claim that he or she unlocks the phone in the pocket. In that case, a straight PIN is probably more secure than a picture password.
Yes. That is noted as an option. I think that just changing the number and/or picture daily would be quite painful … but you could.
Nothing has really changed since the previous discussion.
Most people don’t have a phone yet to implement with.
I don’t know what would be involved in the actual unlock side of things. Would probably need to start with an existing unlock program and edit from there. The UI side of things could be prototyped now on any computer.
I don’t know whether anyone with the requisite skills is interested in implementing this. I suppose that by keeping this topic active, you maximize the chances. For a phone with a strong focus on privacy and security, this is certainly the kind of thing that users should be interested in.
You wanna know the best lockscreen implementation? A PIN code but the numberpad changes layout after each login so the buttons will be randomized so people can’t figure out your lockscreen combination after time.
The beauty of Linux is that everyone can have the “best” lockscreen, no matter what they think that is.
For the actual scenario being described (surveillance cameras everywhere) randomizing the number pad doesn’t help - under the assumption that the number pad is displayed on the screen for the user - and the camera - to see.
Randomizing the number pad does help for the scenario where someone, or a camera, can see your fingers but not your screen.
Note also @reC’s claim that he or she unlocks the phone in the pocket. In that case, that requires a fixed number pad - and in the face of ubiquitous surveillance that is more secure than a randomized number pad.
Here’s a fun idea for bolstering a randomized number pad for use in public places … you use the phone with a wired headset and the phone randomizes the digits 0 to 9 and reads them to you as it moves a “cursor” across the number pad, which does not display any digits. If you are really good, you can enter your PIN as soon as it reaches the last position in the number pad (if you happen to need that digit, or earlier if not). If you are not that good then just wait, as it will cycle back through the number pad.
Neither this idea nor what you proposed is ideal, in the sense that surveillance can detect duplicates (or the absence of duplicates) in the PIN - which reduces the available number of PINs. That can be solved at the expense of some usability by randomizing the number pad after each digit.
What ever lock-screen will be: it should never be sudo-password. You often use the pin to unlock your phone in public. There are cameras (with higher and higher resolution), there are many people (for example in buses) and so on. Also friends and family can see it easily and may also have access to phone when you are on toilet. It’s not that people who read here don’t trust there family and friends, but maybe some other people have such problems (and they may even don’t know).
So in any possible situation it would be better to have a default 2 pin system: lock-screen-pin and sudo-password. So if someone get access with lock-screen-pin, they don’t have admin rights.
And as something I would prefer (and is only possible in the way i described above): Sudo-password could unlock smartphone alternatively (fall-back methode).
Everything else (how to create the lock-screen in detail) is secondary important.
the rule of thumb is to always WEAR your L5 filled pouches on your MOLLE/PALLS-COMMANDO plate-carrier even when you are in the bathroom so that NOBODY can have access to your IOT. that (naturally) assumes you will ALSO be taking a dump WITH the L5 firmly secured inside your MOLLE pouches strapped to your plate-carrier that you ALSO use as a grounded-Faraday cage. remember your security/privacy is paramount so you must ALSO apply the SAME practice even when you have sex or during any other activity. don’t take any risks ! PROTECT YOURSELF !!!
there ! now people don’t have to read it if they don’t want to.
all in good fun. no i did see what you meant. i just don’t think it’s necessary to make a big deal out of it when the closest family members are involved especially since they are usually not even tech savy enough to protect their lock-screen with a simple password …
That was not a “sarcasm-period”, that was just a stupid wall of worlds. Your laughing about a random example shows me, that you missed the message of my post. The point is to split pin in sudo-password and lock-screen-pin, because lock-screen codes are easy to get for other people. It doesn’t care if it can or will happen to you or me or anyone else. But it cares if it is secure by default and nobody needs to be worry about - in any situation.
For what I was talking about above (picture password for unlock) this would have to be the case, since there isn’t a PIN involved with a picture password as such.
That said, we don’t know that there is even a problem with this particular aspect. When we actually get the phone, we can be sure to test that.
Yes but it goes way beyond “closest family members”. Most people have a need to unlock a phone in front of non-closest family members, friends of varying degrees of closeness, on public transport, in other public situations, in a workplace, …
So it is important that the way that this works has been carefully designed and ideally that there is a range of levels of security, in order to cater for the differing needs of customers (ranging from “lax” to “paranoid” to “they are actually out to get you”).
<sarcasm>That is just your closest family members attempting to lull you into a false sense of security.</sarcasm>
kieran you might be right that SOME families are prone to exploit their own but unless this is an actual “Knives-Out” situation i don’t see that happening for “normal” people … that being said there is always that fringe case where sarcasm might turn out to be a very poor taste in guarding your personal space … like if you’re joking in public and suddenly a stranger gets in your face with something totally offensive thus forcing you to immediately take a stand …
That’s true. I just wanted to say it is less important the way a non-sudo pw to unlock phone is implemented then the fact that there should be 2 different passwords for both use cases. I also think that there could be a option (no priority) to choose between different phone unlock-screens.
@reC … I don’t know “normal” People who troll like this. In my opinion it is a very eyes closed view to things. But hey, just continue with your sarcasm and you will change the world to the point of your view.
), this would be one thing in favor of using some kind of biometric authentication.
