Welcome to the Windows Central Forums Create Your Account or Ask a Question Answers in 5 minutes - no registration required!
Results 1 to 21 of 21
Like Tree2Likes
  • 1 Post By Taiger78
  • 1 Post By manicottiK
  1. Jason De Castro's Avatar
    Member

    Posts
    69 Posts
    Global Posts
    73 Global Posts
       #1  
    Before portico, if I had a password on my lock screen I would have to enter in my password for kids corner, which kind of defeated its purpose in my opinion. After I updated to portico however, I have a password on my home screen but swiping across to kids corner , i can now access it without entering my password. I'm so happy! I use kids corner for my games and music. Its so cool because I don't need to clutter my home screen now :)
  2. Taiger78's Avatar
    Member

    Posts
    8 Posts
    #2  
    I have not received Portico update yet, but I'm not suffering from this problem ...
    dericslab likes this.
  3. #3  
    No, I have this problem. If I set my phone with a passcode, it still requires the passcode for Kid's Corner. That's awesome. They wasted like 30 mins demoing this crap at the official WP8 revealing, instead of focusing their efforts on important features. It probably took them long to release WP8 because kid's corner was taking too long, instead of focusing their efforts on IMPORTANT things...

    I swear I lose more faith everyday. Dumb stuff like this...
  4. vedichymn's Avatar
    Member

    Posts
    334 Posts
    #4  
    I somehow missed this change entirely, thanks!
  5. sanien's Avatar
    Member

    Posts
    5 Posts
    #5  
    Still confused - did portico solve it?
  6. manicottiK's Avatar
    Member

    Posts
    493 Posts
    #6  
    There is no change and it works as it was designed, just not as many folks want it to.

    Kid's Corner has one goal: to let non-owners of a phone request permission of the owner to access and use a subset of the phone's apps and data. Once the owner grants permission, the other user can play around and turn the screen off/on without the password, as long as the password inactivity timeout doesn't expire. (If your timeout is 15 minutes, your kid can play for 20 minutes, put down the phone to go to the bathroom, and come back 12 minutes later without needing you to re-unlock it because the 15-minute inactivity timeout didn't expire.)

    A password is placed on a phone to prevent unauthorized people from using the phone. Many people who have passwords on their phones have them because their employer-provided email pushed an Exchange ActiveSync security policy to the phone and that policy mandated a password. Such policies are generally placed to product records that the company lets the employee access and to limit the legal liability of the employer. With appropriate policies in place (typically a password, inactivity timeout, and device encryption), employers may be able to escape disclosure notices and financial penalties in the case of a potential data breach (i.e., a lost phone containing or accessing company data).

    Imagine if a user puts into Kid's Corner an app that accesses company data, that Kid's Corner is allowed to bypass the password, and that the phone is lost. Whoever finds the phone has access to private data (maybe it's your medical records, my financial records, or your kid's educational records). Because the user was allowed to bypass the security settings, the company cannot in good faith say that the data it held had remained confidential. A variety of federal and state laws now require the company to find out whose data was potentially lost, to contact them all to warn them of potential identity theft, often to pay for them to have a credit watching service for 1-3 years, and to sometimes pay fines to various state governments. And that's before anyone decides to sue.

    It's in this context that a user's desire to let his or her kids play without asking permission first loses out to the cost of a data breach (a recent lost laptop case that I know had a $10M cost estimate). I can't imagine anyone in health care, financial services, or education (which all have breach disclosure laws to content with) approving the use of a device that could not be secured. The fact that you personally don't have such concerns doesn't mean that Microsoft can allow password bypass because none of the businesses needing protection would be able to trust such a device.
  7. #7  
    Quote Originally Posted by manicottiK View Post
    There is no change and it works as it was designed, just not as many folks want it to.

    Kid's Corner has one goal: to let non-owners of a phone request permission of the owner to access and use a subset of the phone's apps and data. Once the owner grants permission, the other user can play around and turn the screen off/on without the password, as long as the password inactivity timeout doesn't expire. (If your timeout is 15 minutes, your kid can play for 20 minutes, put down the phone to go to the bathroom, and come back 12 minutes later without needing you to re-unlock it because the 15-minute inactivity timeout didn't expire.)

    A password is placed on a phone to prevent unauthorized people from using the phone. Many people who have passwords on their phones have them because their employer-provided email pushed an Exchange ActiveSync security policy to the phone and that policy mandated a password. Such policies are generally placed to product records that the company lets the employee access and to limit the legal liability of the employer. With appropriate policies in place (typically a password, inactivity timeout, and device encryption), employers may be able to escape disclosure notices and financial penalties in the case of a potential data breach (i.e., a lost phone containing or accessing company data).

    Imagine if a user puts into Kid's Corner an app that accesses company data, that Kid's Corner is allowed to bypass the password, and that the phone is lost. Whoever finds the phone has access to private data (maybe it's your medical records, my financial records, or your kid's educational records). Because the user was allowed to bypass the security settings, the company cannot in good faith say that the data it held had remained confidential. A variety of federal and state laws now require the company to find out whose data was potentially lost, to contact them all to warn them of potential identity theft, often to pay for them to have a credit watching service for 1-3 years, and to sometimes pay fines to various state governments. And that's before anyone decides to sue.

    It's in this context that a user's desire to let his or her kids play without asking permission first loses out to the cost of a data breach (a recent lost laptop case that I know had a $10M cost estimate). I can't imagine anyone in health care, financial services, or education (which all have breach disclosure laws to content with) approving the use of a device that could not be secured. The fact that you personally don't have such concerns doesn't mean that Microsoft can allow password bypass because none of the businesses needing protection would be able to trust such a device.
    I'm sorry, but if you're dumb enough to put sensitive data onto your phone like that into KIDS corner then maybe you shouldn't have a smartphone. You should only put on kids corner what you want accessed WITHOUT permission; that was the whole point illustrated was that you're supposed to simply hand your phone to your kids and they would discover kids corner by swiping over, while being restricted from YOUR sensitive material via a passcode. Your kids having to come back to you (while you're obviously trying not to be disturbed or are busy) to put in a passcode defeats the purpose of simplicity they claim they're trying to provide.
  8. sinime's Avatar
    Developer

    Posts
    2,958 Posts
    Global Posts
    4,394 Global Posts
    #8  
    Doh, can't delete a post on the app
    My Apps: PIP (WP8 - Compass / Flashlight), Beer Knurd (WP7/8)
    Meme 8 Ball (WP8), UnClocked (WP8.1 - Themed Live Tile Clock)
  9. CJ Thunder's Avatar
    Member

    Posts
    620 Posts
    #9  
    Apps can still open YouTube or ads though, then can travel unrestricted from there. That is an issue.
  10. vedichymn's Avatar
    Member

    Posts
    334 Posts
    #10  
    Quote Originally Posted by CJ Thunder View Post
    Apps can still open YouTube or ads though, then can travel unrestricted from there. That is an issue.
    That's true, and actually one thing I really like about the Amazon prime kid subscription model they have in place for the Kindle Fire tablets, they prevent that.

    It seems like with Portico, my kids corner prompts less often for a password than it did before, but still does on occasion. That may just be me being crazy though, who knows.
  11. dericslab's Avatar
    Member

    Posts
    5 Posts
    #11  
    Quote Originally Posted by Taiger78 View Post
    I have not received Portico update yet, but I'm not suffering from this problem ...
    I too am not on Portico yet, and the Kids corner can be accessed without the pin.
    Don't know of any of my clients either with a problem accessing Kids Corner and requiring a password / pin.
  12. manicottiK's Avatar
    Member

    Posts
    493 Posts
    #12  
    Quote Originally Posted by jrdatrackstar1223 View Post
    ...if you're dumb enough to put sensitive data onto your phone like that into KIDS corner then maybe you shouldn't have a smartphone.
    True, but that doesn't change the equation from an employer's perspective. No large business that works with protected data is going to give up the safe harbor protections that can come from timeout+password+encryption so that some employees can bypass the password to use their phones as a pacifier.
  13. manicottiK's Avatar
    Member

    Posts
    493 Posts
    #13  
    Quote Originally Posted by dericslab View Post
    I too am not on Portico yet, and the Kids corner can be accessed without the pin.
    Don't know of any of my clients either with a problem accessing Kids Corner and requiring a password / pin.
    Check your inactivity timeout. If you turned the screen off within that window, Kid's Corner won't prompt for a password. f that timeout has expired AND you have a password on your phone, Kid's Corner will ask for it.

    Likewise, if Kid's Corner is used, a password is needed to get in to the main part of the phone. The logic here is the use of Kid's Corner means that the phone was in the hands of someone who isn't the owner. Requiring the password ensures that your kids or friends don't bypass security by entering Kid's Corner, turning off the screen, turning it on again, and swiping up to get directly to the phone.

    The entirety of the "problem" that some people have with Kid's Corner is that they want a feature that allows implicit authorized use by others. Microsoft designed a system that requires explicit authorization by making the owner key in the PIN to begin a Kid's Corner session.
  14. #14  
    Quote Originally Posted by manicottiK View Post
    Check your inactivity timeout. If you turned the screen off within that window, Kid's Corner won't prompt for a password. f that timeout has expired AND you have a password on your phone, Kid's Corner will ask for it.

    Likewise, if Kid's Corner is used, a password is needed to get in to the main part of the phone. The logic here is the use of Kid's Corner means that the phone was in the hands of someone who isn't the owner. Requiring the password ensures that your kids or friends don't bypass security by entering Kid's Corner, turning off the screen, turning it on again, and swiping up to get directly to the phone.

    The entirety of the "problem" that some people have with Kid's Corner is that they want a feature that allows implicit authorized use by others. Microsoft designed a system that requires explicit authorization by making the owner key in the PIN to begin a Kid's Corner session.
    Here's the problem I have with Kid's Corner:

    1. Set your phone to require a passcode each time you put your phone on sleep mode.
    2. Put your phone to sleep and swipe over to Kid's Corner.
    3. Put in the passcode to access Kid's Corner again, then put the phone to sleep.
    4. Swipe back to Kid's Corner and it still requires the passcode, even though you put the passcode in the 1st time and obviously gave permission the 1st time.


    That's my issue with Kids corner. I can't have my phone passcode protected each time the phone goes to sleep without having to enter it in EACH TIME I put my phone to sleep after granting access to Kid's Corner the first time...
  15. Mr. Brown's Avatar
    Member

    Posts
    234 Posts
    #15  
    Quote Originally Posted by jrdatrackstar1223 View Post
    Here's the problem I have with Kid's Corner:

    1. Set your phone to require a passcode each time you put your phone on sleep mode.
    2. Put your phone to sleep and swipe over to Kid's Corner.
    3. Put in the passcode to access Kid's Corner again, then put the phone to sleep.
    4. Swipe back to Kid's Corner and it still requires the passcode, even though you put the passcode in the 1st time and obviously gave permission the 1st time.


    That's my issue with Kids corner. I can't have my phone passcode protected each time the phone goes to sleep without having to enter it in EACH TIME I put my phone to sleep after granting access to Kid's Corner the first time...
    Something is wrong with your setup. I have a pass cod on my phone, but have it set to not require the passcode until 15 min of activity. So if its unlocked and I put it to sleep and swipe to kids corner it doesn't ask for the passcode. It does ask for the passcode when going from kids corner to sleep to main phone again, but that is expected and wanted.
  16. Mr. Brown's Avatar
    Member

    Posts
    234 Posts
    #16  
    Quote Originally Posted by CJ Thunder View Post
    Apps can still open YouTube or ads though, then can travel unrestricted from there. That is an issue.
    yes, they can click into the ads but they don't get a web address bar to go wherever they want to.
  17. AngryNil's Avatar
    Member

    Posts
    1,383 Posts
    Global Posts
    1,387 Global Posts
    #17  
    Quote Originally Posted by manicottiK View Post
    Kid's Corner has one goal: to let non-owners of a phone request permission of the owner to access and use a subset of the phone's apps and data.
    Nope.

    Just look at the way Microsoft demos it - kid wants to play on parent's phone, parent gives phone to kid, kid does it all independently - swipes left and swipes up.

    The whole idea is for others to access that subset without requiring you to be hovering around and policing their actions.
  18. manicottiK's Avatar
    Member

    Posts
    493 Posts
    #18  
    @AngryNil: I believe that it's already been said on another thread that Joe keyed in his PIN backstage at the WP8 launch event. For the reasons described above, what you want presents a security risk that many companies would not accept.

    @jrdatrackstar1223: Go into the Lock Screen settings, scroll to the bottom, and check your "Require a password after" setting. If it is set to "each time," you'll get the behavior that you describe. If you set it to something longer (like 15 minutes), your kids will be able to turn the screen off/on and swipe back into Kid's Corner without needing the PIN (i.e., the owner's permission) again.

    If you're thinking that setting a long "Require a password after" timeout defeats the purpose of security and rending my earlier rant about unacceptable risk of losing medical, financial, or other protected data, you should be right, but you're wrong. Although a thief could steal your phone and access your data indefinitely provided that he 1) did it quickly after you used it, 2) kept the phone charged, and 3) used it every few minutes, the lawyers who practice in this area still say that the phone can be accepted as "secure" with a timeout and can't be without one. This is clearly an area where the law and the technology disagree or where the law is looking at what's likely rather than what's possible.
  19. ollieollie93's Avatar
    Member

    Posts
    5 Posts
    Global Posts
    4 Global Posts
    #19  
    What they need to add is an update which asks you:
    Require password for kids corner?
    Can't believe they didn't add this.
  20. vedichymn's Avatar
    Member

    Posts
    334 Posts
    #20  
    Quote Originally Posted by ollieollie93 View Post
    What they need to add is an update which asks you:
    Require password for kids corner?
    Can't believe they didn't add this.
    Joe Belfiore did say on twitter that's something he's interested in seeing added, hopefully that does make it into a future release.
  21. manicottiK's Avatar
    Member

    Posts
    493 Posts
    #21  
    Quote Originally Posted by ollieollie93 View Post
    What they need to add is an update which asks you:
    Require password for kids corner?
    I agree, but I'd like three options; 1) use phone's password to access Kid's Corner, 2) pick a new password just for Kid's Corner, and 3) don't use a password for Kid's Corner. Microsoft will need to simultaneously add an Exchange ActiveSync policy option that says "Always use phone's password for Kid's Corner" so that companies needing to ensure that there's no password bypass capability can rest easy.
    Joe920 likes this.

Similar Threads

  1. Kids corner: design flaws?
    By zonoskar in forum Windows Phone 8
    Replies: 56
    Last Post: 06-06-2014, 11:25 AM
  2. Help Required. Not sure how to set up a childs account like kids corner
    By martinmc78 in forum Microsoft Surface for Windows RT
    Replies: 1
    Last Post: 11-23-2012, 09:07 AM
  3. Why is Kids Corner asking for PIN?
    By scumdogmillionaire in forum Windows Phone 8
    Replies: 2
    Last Post: 11-10-2012, 08:33 PM
  4. Did WP8 fix or add...
    By cp2_4eva in forum Windows Phone 8
    Replies: 2
    Last Post: 11-08-2012, 06:14 PM
  5. AWESOME multi-functionality idea for kids' corner
    By Jf.Vigor in forum Windows Phone 8
    Replies: 2
    Last Post: 10-19-2012, 01:36 PM

Posting Permissions