Summary of password strength discussion
mattdm at fedoraproject.org
Mon Jul 27 14:09:50 UTC 2015
On Mon, Jul 27, 2015 at 04:27:29AM -0400, Bastien Nocera wrote:
> > Right, unless you configure multi-factor by hand. My specific concer is
> > that there's a relatively easy to access switch which opens up the
> > system to more exposure than may be immediately obvious. I think the
> > idea of forcing a password change when this switch is toggled has some
> > problems. Maybe adding some more explanatory text to the dialog for
> > enabling "Remote login" could help, but I'm skeptical about that too;
> > hence this suggestion.
> That same person you don't trust to know what "Remote Login" does can
> run "curl ... | bash" on the command-line and trash the system.
And if there were a button in an easily-available preferences dialog in
GNOME Shell that did that, I'd be concerned.
<mattdm at fedoraproject.org>
Fedora Project Leader
More information about the desktop