I have the same problem as Bluefin asking for password multiple times when logging in. The solution comment says “Ah. The GNOME Keyring, the final raid boss. I set it to blank so it never bothers me again. I use a dedicated password manager instead.” and links to instructions for Ubuntu. I don’t know how to adapt those to Bluefin for blanking the keyring pass. Also the ubuntu page doesn’t talk about using dedicated pw manager.
What power-up or weapon do I need for this boss?
Due to the security implications, I’d highly recommend just getting into the habit of just using the password to login on bootup, then use the fingerprint for everything else; lockscreen, sudo, etc.
As for the solution to your question, the easiest way is probably just installing “Seahorse” (GNOME’s “Passwords and Keys” app) and following the linked instructions. However as the solution link points out: Be warned that this will make your keyring accessible without a password. Period. You don’t have to be logged in to view it. This will impact things like browser passwords and some saved app passwords (vpns, backup tools, cli tools, etc).
I read about Seahorse “Passwords and Keys” but did not take any action as I’m waiting until I understand more about the implications.
Last night I turned off my laptop and today I can’t unlock my keyring at all. It’s not recognizing my password. I haven’t changed it. My scenario sounds similar to this thread https://discussion.fedoraproject.org/t/keyring-password-changed-without-me-knowing/78160:
I can no longer use my login password to unlock the keyring, but I don’t remember changing the keyring password. I also didn’t change my login password, and it has been used since the initial installation of Fedora. Furthermore, I’m the only user of this laptop.
Other than annoying keyring password prompt spam, 5 in a row, the machine is working fine, It’s what I’m using to type this message. I logged in with fingerprint.
Should I try update-crypto-policies --set LEGACY and reboot as the Fedora thread suggests? I only set up this machine a few weeks ago.
The “implications” of having no password is the same as having passwords in plain text. If an attacker steals the keyring file there’s zero protection (encryption) to help prevent or stall them in getting access to all the passwords inside. How bad this is really comes down to what’s stored, your threat model, and how the computer is used. It’s a security vs convenience tradeoff. Me personally the five second convenience gain is not worth the (pretty major in my book) security loss.
That’s odd. Never seen that happen before but wouldn’t hurt to try as long as you make sure to change it back to default if it does or doesn’t work (something tells me it wont). Might have to reset the keyring by deleting the files under ~/.local/share/keyrings/ and then logging out and back in
[quote=“lethedata, post:2, topic:6682”]
…using the password to login on bootup, then use the fingerprint for everything else; lockscreen, sudo,…[/quote]
How is this done? Under “Settings >> Users” I only have the option to enable/disable fingerprint for login. There aren’t any fingerprint options for other things.
“Settings >> Screenlock” doesn’t show any unlock options other than on/off and timing.
I set this >> rebooted >> logged in with password instead of fingerprint: I still got keyring unlock requests that don’t respect my password.
What did work: renaming ~/.local/share/keyring/* to something else. I didn’t have to reboot.
…
(For anyone else coming across the thread and following my steps: change crypto policy back with update-crypto-policies --set DEFAULT)
There isn’t any setting for it. You’ll just type in the password at the login screen instead of using the fingerprint.
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.
