Follow

Dear developers,
having GUI passwords prompts **not** capturing focus is a huge security issue.
Just today, I almost typed my GPG key password into a commit message. Again.
Not funny.

@aurelienpierre I shall make a note of that if I ever have to do password stuff.

@aurelienpierre

Maybe the window manager could catch situations where an input event is preceded by a too recent (few 100ms) focus switch?

This might also avoid clicking on the wrong item, just becaus it poped right above where you wanted to click.

But password entry would need some additional care.

@aurelienpierre One of our employees has pasted a Yubikey token into Slack three times now.

Sign in to participate in the conversation
Mastodon Tetaneutral.net

Instance de Mastodon, réseau social de micro-blogging libre et décentralisé hébregée par l'association Tetaneutral.net.