Should we support passwordless user accounts?
Currently we require all user accounts to have passwords, and this is enforced by initial setup and settings. There is an MR against Settings to allow accounts without passwords (GNOME/gnome-control-center!826). The question is, do we want to allow that?
This is probably a more complex question than might at first be apparent, and will likely require input from various perspectives. Some aspects and questions to consider:
- How would this affect encrypted home partitions?
- Presumably there will be some organizations (corporate deployments) and distributions (like Tails) which wouldn't want this option.
- What about combinations of authentication mechanisms? For passwordless login (os-mockups#220), the design envisages "primary" authentication types, like smart cards and passwords, and "secondary" types which are a bit more ephemeral, like fingerprint, facial recognition, a passkey on a Bluetooth device, etc. I don't think we'd want someone setting up fingerprint authentication without having an alternative authentication mechanism to fall back to in case it fails.
- What about parental controls?
- Isn't there a risk that someone could lock you out of your user account if you don't have any authentication set on it?