Public bug reported:

** This is a feature request regarding security. **

Please add to the login method a mechanism that postpones successive login attempts if X attempts failed.

Obviously this can be further enhanced - for example:
If X successive login attempts failed, then disable that specific login method for that specific user for Y minutes.
If Y minutes have passed and the additional successive attempts failed again - then disable that specific login method for that specific user for 2*Y minutes.
And so on...

Values of X and Y should be configured by the 'root' user.

Benefits: greatly reduces the risk of brute-forcing the password.

Scenarios that this can defend from:
* If someone hacked a user in the system, then this prevents him from brute-forcing the password for root.
* A keyboard can be emulated via a physical connection while it tries to brute force the password.

** Affects: lightdm (Ubuntu)
   Importance: Undecided
   Status: New

** Description changed:

** This is a feature request that regards to security. ** Please add to the login method a mechanism that postpones successive - login attempts if X attemps failed. + login attempts if X attempts failed. - Obiously this can be further enchanced - for example: - If X successive login attemps failed, then disable that specific login method for that specific user for Y minutes. + Obviously this can be further enhanced - for example: + If X successive login attempts failed, then disable that specific login method for that specific user for Y minutes. If Y minutes have passed and the additional successive attempts failed again - then disable that specific login method for that specific user for 2*Y minutes. - And so on... + And so on... Values of X and Y should be configured by the 'root' user. Benefits: greatly reduces the risk of brute-forcing the password. Scenarios that this can defend from: - * If someone hacked a user in the system, then this prevents him to brute force the password for root.
- * A keyboard can be emulated via a physical connection while it tries to brute force the password. + * If someone hacked a user in the system, then this prevents him to brute force the password for root. + * A keyboard can be emulated via a physical connection while it tries to brute force the password.

https://bugs.launchpad.net/bugs/1628922

Title:
  Postpone login attempts if X have failed

Status in lightdm package in Ubuntu:
  New
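
The escalating lockout the report asks for (X failures lock one login method for one user for Y, the next X failures for 2*Y, and so on), as an added example; it is not lightdm or PAM code. The class and method names and the upper bound on the lock time are assumptions made for illustration.

```python
import time
from dataclasses import dataclass


@dataclass
class _State:
    failures: int = 0          # consecutive failures since last success or lockout
    lockouts: int = 0          # lockouts imposed since the last successful login
    locked_until: float = 0.0  # timestamp when the method becomes usable again


class LoginThrottle:
    """X failed attempts -> locked for Y; X more -> 2*Y; then 4*Y, and so on."""

    def __init__(self, x_failures, y_seconds, max_lock_seconds=24 * 3600):
        self.x = x_failures
        self.y = y_seconds
        self.cap = max_lock_seconds   # assumption: bound the doubling
        self._states = {}             # keyed by (user, login method)

    def seconds_locked(self, user, method, now=None):
        """Remaining lock time; callers must refuse the attempt when it is > 0."""
        now = time.monotonic() if now is None else now
        state = self._states.get((user, method))
        return max(0.0, state.locked_until - now) if state else 0.0

    def record_failure(self, user, method, now=None):
        """Count a failed attempt; return the lock duration it triggered (0 if none)."""
        now = time.monotonic() if now is None else now
        state = self._states.setdefault((user, method), _State())
        if now < state.locked_until:
            return 0.0                # attempts during a lock are rejected, not counted
        state.failures += 1
        if state.failures < self.x:
            return 0.0
        duration = min(self.y * 2 ** state.lockouts, self.cap)
        state.failures = 0
        state.lockouts += 1
        state.locked_until = now + duration
        return duration

    def record_success(self, user, method):
        """A successful login clears the failure count and the backoff level."""
        self._states.pop((user, method), None)
```

The cap keeps repeated failures from locking an account indefinitely, since anyone who can reach the login prompt can trigger the lock against another user.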