Aren't those static persistence plus no-password-asked combination insecure?

Forum Forums New users New Users and General Questions Aren't those static persistence plus no-password-asked combination insecure?

This topic contains 1 reply, has 2 voices, and was last updated by anticapitalista Aug 11-4:41 pm.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #25650
    Member
    rayluo
    rayluo

    (Reworded from an earlier version of this post)

    When using LiveUSB, if using Persist Root static mode, or using Persist Home which is always in static mode, all your browser sessions would be persisted on the USB disk. And each time you boot from this USB, antiX does NOT require you to type your account password. That would mean if you happen to lost your usb disk, and someone finds it, they can boot into your desktop and resume all your browser signed-in sessions (Gmail, online-shopping, online-banking, etc.), all without ever needing to try your password!

    I personally stick with root persistence without saving changes most of the time, so I would be fine. (FWIW, previously I was using TENS Linux for similar LiveUSB usage pattern, but I gave it up due to it was designed to be fully locked down so there was absolutely no way to customize it.)

    I figure this might be a potential security risk that worth fixing or at the very least worth mentioning in the GUI when setting up home persistence, before new users notice it too late.

    My $0.02

    Regards,
    Ray

    • This topic was modified 1 week, 2 days ago by rayluo.
    #25658
    Forum Admin
    anticapitalista
    anticapitalista

    User can always choose to set up an encrypted live usb for more security.

    • This reply was modified 1 week, 2 days ago by anticapitalista.

    Philosophers have interpreted the world in many ways; the point is to change it.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.