Seahorse changes PGP private key passphrase without asking for confirmation
Submitted by axx
Link to original bug (#701965)
Description
Using the function to change one's private PGP key's passphrase, Seahorse will first prompt for the current passphrase to be entered, to verify the person's identity, but will then only ask the new passphrase once, not twice as would be expected and reasonable.
Thus, if the user makes but a single typo, they will lose control of their private key. Furthermore, the new passphrase entered is masked when typed, so the user is likeley to not even see they have mistyped.
Before changing the passphrase, Seahorse should warn users to keep backups of their keys in a safe place. While changing it it should clearly ask the user to retype their passphrase, to guard against any typos or mistakes.
Version: 3.4.x