Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.3: Remove the authentication timeout delay' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.3: Remove the authentication timeout delay
Authored by: Jaharmi on Mar 09, '04 05:48:00PM

By the way, your Keychain is kept open and unlocked for a period of time after login, which may be controlled by this value.

This will not happen if you chain your default user keychain (the one named after your short username) to use a passphrase that is different from your login account's password. (By default, the keychain password is set to the same password as your login account, but it can be different.) This could be a problem for you if you allow people to sit in front of your computer and you've set many items on your keychain to always allow access.

I would also consider the issue of the timeout one of a security compromise (for functionality), not necessarily a security flaw. The fact that there is a timeout value at all does indicate that thought was put into the setting. To exploit this in a meaningful way, it really looks like you'd need to have local access to the computer, and if you have that, well, all bets are off anyway.

Jeremy



[ Reply to This | # ]