I am about to encrypt all partitions possible. When booting, I will have to enter a password to decrypt my partitions. However, after having done so, I also have to enter a password to log in. My system will always have only a single user - me. Thus I am considering to not require a login password, with the philosophy that the protection that a user login gives me is also given by the disk encryption.
Am I missing something, or is it true that there is no disadvantage of automatically login in after having my disk decrypted? When I leave the system decrypted, I will just log out or lock it. I assume that the encryption is just as hard to crack as the user password - or even harder.
If you have no password, you can’t log out. Or rather, I think you can, but logging in again doesn’t require a password. Similarly with locking it.
So I think that should be your biggest consideration.
There is one big disadvantage to auto login - your keyring is not unlocked - and that will be frustrating when apps fail because the keyring is locked.
Even if you are the sole user on an encrypted system - unlike the most dominant OS - the system is still born multiuser and as such, it requires the distinguishing of different users by their credentials.
All good points. I do want to clarify something. With “Thus I am considering to not require a login password” I did not mean to remove my password, just that the system logs me in automatically. After locking my system, a password would still be required.
This is what my desktop at home (another device) has right now. Then again, @linux-aarhus mentioned that my keyring would not be unlocked. However, I have never had any issues with a keyring on that desktop. Is it possible then that, on that desktop, no programs whatsoever used my keyring so far?
There will be problems, as others have said.
My advice:
don’t go for no password - just use something simple
typing two or three letters instead of just hitting enter isn’t worth the probable trouble you’ll be in with no password … but I encourage you to simply try it out and see for yourself
I do this all the time in my VM’s
I choose a two letter log in name - and the same as the password.
this approach has got it’s risks - but I consider them as marginal as they get …
but: possibly …
any “attacker” (while being online) now also has the advantage of not even needing a very simple password to gain access to the already unlocked contents
… they are unlocked in any case while the system is up and running - password or not, encryption or not
There is no difference between disk encryption or no encryption while the system is running.
Disk encryption just protects against someone with physical access to your hardware.
