IMHO. a password only works for console but not for internet is more secure and developer will appreciate.
2016-12-14 8:40 GMT+08:00 Mark Shuttleworth <m...@ubuntu.com>: > On 13/12/16 19:35, Dan Kegel wrote: > > I'm very confused. You have SSO. You tell people to create an SSO > > account to use the device. Yet SSO can't be used to log into the > > system at the console. ?? > > SSH keys associated with the SSO account are pulled into the device, so > you can SSH to it. > > We could enable console (as in keyboard-and-monitor-on-device) access > too, if we want, that's what's open for discussion. There are lots of > ways to do that, simplistically just by asking for a login password to > be set during the device activation step that you saw. But the concern > is that users will reuse an important password when doing so. > > We have 2-factor capabilities that might be useful. In general, I would > say we are open to suggestion but mindful of the opportunity to raise > the bar for device security. > > Also, we're mindful of the fact that these devices will not be used > every day. So passwords that are unique to the device will easily be > forgotten. > > All of that led us to the SSH approach that you see now. It's not a > final position, those are just the things to think about in the discussion. > > Mark > > > -- > Snapcraft mailing list > Snapcraft@lists.snapcraft.io > Modify settings or unsubscribe at: https://lists.ubuntu.com/ > mailman/listinfo/snapcraft >
-- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
