More clearly document day-to-day passwords/passphrase usage

[eloquence]

In the context of routine usage, the user has to juggle:

• FDE passphrase
• OS password/passphrase
• SecureDrop passphrase

In addition, they are routinely interrupted by a screensaver that prompts for a password, using a nonstandard UX that does not resemble common lock screen designs. The FDE passphrase and OS password/passphrase have to be typed without a "show password" feature to detect possible errors. The caps lock indicator on the screensaver password prompt is fairly subtle, as well.

For now, we should do what we can in the docs (and training slides) to make it clear what passwords/passphrases are involved in normal usage of the system, and include screenshots of the screensaver prompt as well so it does not come as a surprise.

[eloquence]

@gonzalo-bulnes Curious about your impressions here as you dig into setting up Qubes/SecureDrop Workstation; this could be a nice docs issue to collaborate on, as well.

[gonzalo-bulnes]

Thanks for the heads up @eloquence, I take note. Let me rephrase to check I'm understanding this correctly.

On the Qubes OS side, I get the full-disc encryption (FDE) and OS passphrases. I don't use the FDE passphrase too often but I suppose that depending on the circumstances we may suggest journalists to shutdown their workstations when they leave them unattended maybe a few times a day?

I assume that in addition to that we get the (one) SecureDrop passphrase only, because the Workstation uses split-GPG without a password on the key. Based on the UI copy, I know that (at least some) SD sessions get closed because of inactivity, so unless I'm missing something, we're talking about three passphrases that all get used fairly often. It is significant indeed.

Constraints

• cannot display FDE passphrase
• cannot change keyboard layout to type FDE passphrase
• I haven't put attention to the caps lock indicator of the FDE passphrase
• cannot display OS passphrase
• the caps lock indicator of the OS passphrase is easy to miss
• the OS passphrase has a typing time constraint
• arguably there is a lot of information on the prompt (animated indicator of remaining time, current date and time, username)

I haven't looked at the SD passphrase prompt yet.

I'll review the docs and keep this in mind when I start setting up the workstation 👍