[Bug 878906] Re: Not obvious that giving your account a password is not physical security

[Marcus Tomlinson]

This issue has sat incomplete for more than 60 days now. I'm going to
close it as invalid. Please feel free re-open if this is still an issue
for you. Thank you.

** Changed in: ubiquity (Ubuntu)
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/878906

Title:
  Not obvious that giving your account a password is not physical
  security

Status in gnome-control-center package in Ubuntu:
  Confirmed
Status in libclass-spiffy-perl package in Ubuntu:
  New
Status in ubiquity package in Ubuntu:
  Invalid

Bug description:
  If you have a user account with a password, someone with physical
  access to your computer can still access your account by holding down
  Shift during startup, choosing recovery mode, and changing your
  password.

  This is an intractable problem. For example, from Microsoft's "10
  immutable laws of security": "If a bad guy has unrestricted physical
  access to your computer, it's not your computer anymore".
  <http://technet.microsoft.com/en-gb/library/cc722487.aspx#EIAA>

  However, probably it isn't obvious to a non-professional that a
  password alone isn't enough to secure their stuff.

  So perhaps, wherever Ubuntu lets you set a password (Ubiquity, System
  Settings "User Accounts"), it should contain a brief (very brief)
  explanation of this. Something like: "A password doesn’t protect
  against someone with physical access to the computer."

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/878906/+subscriptions