Security - Privilege escalation attacks? #957

@t3dium

Under "a note on security" you say:

> This package is in no way as secure as a password and will never be. Although it's harder to fool than normal face recognition, a person who looks similar to you, or a well-printed photo of you could be enough to do it. Howdy is a more quick and convenient way of logging in, not a more secure one.

I think the issue that's currently mentioned isn't particularly significant, as it would require the laptop to be stolen in a running state. That wouldn't be an issue if the laptop were powered off and encrypted with LUKS, as you still need the LUKS password. If it weren't encrypted to begin with, then the device was already insecure if stolen.

However, I think there's a far more significant risk that comes with using howdy: the fact that it removes any need for manual authentication. As you aren't manually typing a password, it automatically authenticates you. The danger with this is that any app can just elevate to root and compromise your system to a much greater extent, with the only requirement being that you have to be sitting in front of your computer. This makes malware or RCE vulnerabilities much more dangerous than they would've otherwise been.

I think to address this problem, howdy should require the user to manually enter a keybinding before it proceeds with authentication. The setting which configures this keybind would also ideally be stored in an area which programs cannot read without root privileges.

At the moment, using howdy is just as insecure as not having a password configured, no? At least in the attack scenario described and not in the event that someone steals your running laptop.
