aboutsummaryrefslogtreecommitdiff
path: root/profiles/noPasswords.nix
blob: 9adceb71c7a29f78ab04dab0afa5aa3036005fab (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
{ }: {
  meta.description = ''
    Prevent the user from storing any passwords in the browser.
    This can be justified if the physical security of the device is uncertain, or
    if the provider wants to avoid the responsiblity of storing such sensitive data.

    However, the users alternatives must be considered: what will a user do without the
    password manager?

    Possible "alternatives" (from user perspective) include:
      - Choose much weaker passwords
      - Store the passwords in an unencrypted form (e.g. on the desktop)
  '';

  policies = {
    # TODO: how exactly are passwords stored?
    OfferToSaveLogins = false;
    PasswordManagerEnabled = false;
  };

  preferences = {
    # Ask for password every 15 minutes
    security.ask_for_password = 2;
    security.password_lifetime = 15; # minutes
    signon.masterPasswordReprompt.timeout_ms = 15 * 60 * 1000;
  };
}