On Sunday 09 October 2005 09:41, nordi wrote:
When you see this as being insecure, what about GRUB not being password <snippage>
Hi Nordi, In my mind, the question was "Should the use of auto login be encouraged or suggested?" *not* "Does disabling auto login create a secure computer?" Password protecting the desktop helps to prevent casual or opportunistic snooping and attacks. Access to documents and frequently used "private" applications like IM, chat, VOIP and e-mail clients, also one's reading material and playlists or financial correspondence, etc., is made more difficult... obviously, not impossible... but the front door won't always swing wide open and invite such mischief, which is the main concern I have with auto login. Mind you, casual events aren't always "trivial," either They can range from jokes gone awry, like someone posing as you sending a dirty joke to your spouse but cc's the CEO or the Chief of Police or the Mayor... or someone more vengeful sending threats to your Ex or downloading illegal content or attempting to destroy your data. Anticipating, and guarding against, such potentialities is everybody's responsibility, including Novell/SUSE's. You and I and others experienced in such matters know enough to uncheck that little box during installation. My concern is that it conveys an impression to new and unsophisticated customers that auto login is a normal and accepted practice within the Linux community, which my belief is it *is not* (emphasized for clarity). Also, leading starts with behavior. If you convey, through your actions as well as words, a consistent philosophy and attention to detail, people witnessing or participating in some way with you are more likely to follow suit. If your actions are contradictory (for instance, seeming to recommend auto login during the installation process,) others... particularly those who are naive and inexperienced, can be discouraged from making the right decision. IMHO, the "right" decision is auto login disabled. regards, - Carl