Have you ever typed your password in clear in another window that just opened? I have -- several times. Usually, it just goes into a "local" window and only the people around me could see it (which is bad already), but I don't see why it couldn't happen accidentally or deliberately through IM or a web browser. We're not talking movie plots -- accidents are bound to happen and I'm sure have happened in the past because of that. In terms of "remote exploit", it sure wouldn't be that hard to have a script automatically IM when they attempt to log in. Still requires knowing the person, but it's certainly not a good thing. The chances of success would probably be in the order of 1-5%: small, but significant if you try several times. Put another way, would you feel safe telling me what your IM nick is and giving me an account on a machine you often ssh to with a password (not ssh key)?
It's not like I'm advocating removing a feature or drastically changing anything, just changing the default to something a bit more sane. Stealing focus by default is just plain stupid. It's also totally counter-intuitive when you have the "focus follows mouse" or "sloppy" focus policy because you end up with the focus not going to the window that has the mouse in it. So even if it weren't a general hazard, it would still be the wrong behaviour for sloppy/follows mouse focus. So basically, I see many reasons for fixing it and not many for leaving it as is (except for "everybody else is doing it").

--
New windows stealing focus -- and passwords?
https://launchpad.net/bugs/54741