Wandering Thoughts archives

2016-11-27

The Chromebook login problem

I mentioned yesterday that I have a Chromebook hanging around here at the moment. It's for a relative so I haven't played with it very much, but I have poked at it enough to spot one obvious issue: the login and password you use to log into and unlock the Chromebook is your Google account's password. This is a potential problem because the properties you'd like for the two passwords are relatively different.

My perception is that many people keep themselves logged in to their Google account. This means that they type the password infrequently, and may trust it to a password manager (and likely have a complex randomly generated password as a result). However, a machine password (Chromebook or otherwise) is something that you'll be typing relatively frequently in order to unlock the machine (probably at least multiple times a day); it's infeasible to use a complex randomly-generated password for this.

Whether you can change this is a frequently asked question and the answer appears to be 'no, that's how its designed'. I can see three approaches to the problem. First, the obvious one that gets suggested frequently is to set up a separate 'Chromebook' Google account, one that's only used for the Chromebook (and for things that you're treating as an extension of it, like cloud storage). To get access to your real Google account, just log into it in the browser on the Chromebook and so on. I think that you lose some amount of automatic synchronization between the Chromebook and your regular Google account, but apparently this works in general.

The next approach that I've seen recommended is to switch to using an xkcd style password. These are likely secure enough while still being memorable and reasonably easily typed; you can probably rattle one off in a few seconds, which is not too annoying even on the routine basis of unlocking a computer.

A third possible option is to configure strong 2FA on your Google account and not worry too much about the strength of your password alone. I'm not sure how this interacts with logging into the Chromebook itself, but it will at least protect your Google account in general (and everyone recommends it if you're serious about the security of your account). If I was going to use a Chromebook and I cared about my Google account beyond the Chromebook itself, this is probably the approach I'd go with (possibly combined with an xkcd style password).

(I'd want to explore Google's 2FA options and how they combine first, though. You can apparently use a Yubikey (or any hardware token that supports U2F) as one of your 2FAs, but how does that work if you want to also authenticate from a device that can't talk to the Yubikey (such as an iPhone)? Can you have a second 2FA method so that either the Yubikey's U2F or the other 2FA method are sufficient?)

tech/ChromebookLoginProblem written at 02:19:05; Add Comment


Page tools: See As Normal.
Search:
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.