-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Biometrics Prompt Should Not Ask For Permission Twice #142
Labels
enhancement
New feature or request
Comments
For the record, I'm personally fine with either as long as the "risk" is described clearly to the user. Malicious applications on the same device are only a secondary goal to strive towards where reasonable. In this case, the usability is significantly hurt. |
I also think the risk (especially when using howdy, which itself states it is unsafe) is ok. I think these would be possible options to handle this:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Right now there are 2 prompts, one for authentication (polkit), and one for approval. It would be nicer to just have 1 prompt. Some polkit (or pam) authentication modules don't require interaction (f.e howdy). I'm not sure if we can detect this.
If we just accept this, then the "risk" would be that, using a no-interaction required auth method, a malicious app could trigger the biometrics prompt, and instantly get the vault user key from goldwarden, while the user is sitting in front of their computer.
The text was updated successfully, but these errors were encountered: