I disagree with this assessment; it is counter to the future converged
experience and I'm not comfortable giving security signoff for this (it
does not meet requirements set out in
https://wiki.ubuntu.com/SecurityAndPrivacySettings/ProtectingUserData:
"Provide configurable PIN/password support (should support both a PIN
and password)").

In the OOBE, we should default to PIN, but allow passphrase for
heightened security and swipe to unlock for no security. I don't
particularly care how this is presented in the UI so long as PIN is
default and swipe to unlock conveys something about data not being
protected. Users wanting heightened security should not have to set a
throwaway PIN to then have to hunt for how to change it -- this is a bad
user experience and we will likely be criticized in reviews.

Furthermore, next cycle we plan to have encrypted user data and
selecting encrypted user data will need to be part of the OOBE and a PIN
will not be allowed for use with encrypted user data (the 'protections'
in this case would be specious).

Lastly, for a fully converged experience, users will not want to use a
PIN to protect their desktop and we will need to accommodate for that.

Considering all of this, we should support passphrase as opt-in.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1348362

Title:
  [OOBE] please provide PIN/password in intial setup screen
