QubesOS / qubes-issues

The Qubes OS Project issue tracker
https://www.qubes-os.org/doc/issue-tracking/

Clarify passphrase screen functions at boot via improved text/icons #5652

Open ninavizz opened 4 years ago

ninavizz commented 4 years ago

Problem

On boot, I am prompted to enter-in two passwords: the disk decryption password, and then my unique user password for the Qubes OS. As a non-technical user, however, I am not likely to understand that the first password is how my hard drive's encryption/decryption is managed.

Solution

Swap use of icons and add a few words to both screens. Below is an "ideal" version. A first-step towards it, would be simply adding the word "decryption" to the first screen, while also removing its Qubes icon. Yeah, it'd also just be nice to include the OS version release info bit, in the 2nd screen. The F8 hide/show bit, is a separate issue here.

1st Screen image

2nd Screen image

Why this matters

For non-technical high-risk users coming into Qubes from Mac and Windows environments, breaking certain behavioral habits to embrace stronger opsec practices will be essential for success. Clarity in understanding which parts of the crypto glitterpony fart at what times, will help enable compliant behavior in users. Regular folks also rarely read documentation—they "learn" by doing. As such, it's important for the specifics of disk-decryption vs signing into Qubes as a specific user, to be more clearly framed via UI text and semiotics.

Today, the first password is presented to users (on a screen long overdue for a wipe down) as such:

First Screen image

Second Screen image

From the above presentation, 2 exceptionally subtle points of confusion arise:

For SecureDrop Journalist users, ensuring they leave their workstations to rest with their drives encrypted, is important. Understanding when decryption happens, is probably one of the most important pieces in the compliance puzzle for them, as that will reinforce the need to break the standard mac/pc user habit of simply closing the laptop lid and putting the laptop away—vs shutting it down, completely. Because only the latter, puts their hard drive in its encrypted state.

Why now?

Well, because Erik just informed me that's how it all works. And I'd had no idea, before. I just figured the screensaver made encryption happen. Because I'm a designer. Not a developer. Gotta call out the cryptopony farts, clearly, as they happen. :D

deeplow commented 3 years ago

A better solution I think could be just having one passphrase. Started a related discussion on the forum: Why does Qubes have 2 passphrases? (disk encryption & login).

deeplow commented 3 years ago

Not sure if I should open an issue for having only one password by default or if I should keep it here. I'll leave it here because it seems like different solutions to the same problem.

ProtonMail has an interesting approach to this. By default the user has a single passphrase, but they have the option to add another one:

proton-2pw

ninavizz commented 3 years ago

@deeplow I feel the thing you're speaking to, is a user-choice issue, not a technical one?

This issue is to simply present the above two screens with improved clarity. Right now it is not clear that one is for FDE, and the other, for the user to log into the system. Further confusing things, Qubes doesn't support multi-user logins, and yet still follows the paradigm—but of a single user.

deeplow commented 3 years ago

> @deeplow I feel the thing you're speaking to, is a user-choice issue, not a technical one?

Yes. Above all it's about setting a default (1 password only) and allowing for user choice (if the user is even aware that they need it).

ninavizz commented 3 years ago

Created on the Plymouth project's issues repo: https://gitlab.freedesktop.org/plymouth/plymouth/-/issues/150