Public bug reported:
** This is a feature request regarding security. **
Please add to the login method a mechanism that postpones successive
login attempts if X attempts failed.
Obviously this can be further enhanced - for example:
If X successive login attempts failed, then disable that specific login method
for that specific user for Y minutes.
If Y minutes have passed and the additional successive attempts failed again -
then disable that specific login method for that specific user for 2*Y minutes.
And so on...
Values of X and Y should be configured by the 'root' user.
Benefits: greatly reduces the risk of brute-forcing the password.
Scenarios that this can defend from:
* If someone hacked a user in the system, then this prevents him from
brute-forcing the password for root.
* A keyboard can be emulated via a physical connection while it tries to brute
force the password.
** Affects: lightdm (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
** This is a feature request that regards to security. **
Please add to the login method a mechanism that postpones successive
- login attempts if X attemps failed.
+ login attempts if X attempts failed.
- Obiously this can be further enchanced - for example:
- If X successive login attemps failed, then disable that specific login method
for that specific user for Y minutes.
+ Obviously this can be further enhanced - for example:
+ If X successive login attempts failed, then disable that specific login
method for that specific user for Y minutes.
If Y minutes have passed and the additional successive attempts failed again
- then disable that specific login method for that specific user for 2*Y
minutes.
- And so on...
+ And so on...
Values of X and Y should be configured by the 'root' user.
Benefits: greatly reduces the risk of brute-forcing the password.
Scenarios that this can defend from:
- * If someone hacked a user in the system, then this prevents him to brute
force the password for root.
- * A keyboard can be emulated via a physical connection while it tries to
brute force the password.
+ * If someone hacked a user in the system, then this prevents him to brute
force the password for root.
+ * A keyboard can be emulated via a physical connection while it tries to
brute force the password.
--
https://bugs.launchpad.net/bugs/1628922
Title:
Postpone login attempts if X have failed
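The escalating lockout requested above, modelled as an added example (not code from the report or from lightdm). The names `LoginThrottle`, `record` and `seconds_locked`, the `cap_minutes` upper bound, the choice not to count attempts made during a lockout, and resetting the doubling on a successful login are all assumptions.

```python
import time
from dataclasses import dataclass

@dataclass
class _State:
    failures: int = 0         # consecutive failures since last lockout/success
    lockouts: int = 0         # lockouts since the last successful login
    locked_until: float = 0.0

class LoginThrottle:
    """X failures -> locked Y minutes; each further lockout doubles (2*Y, 4*Y...)."""

    def __init__(self, x, y_minutes, cap_minutes=24 * 60, clock=time.monotonic):
        self.x, self.y, self.cap = x, y_minutes * 60, cap_minutes * 60
        self.clock = clock        # injectable so the policy can be tested
        self._state = {}          # keyed by (user, login method), as requested

    def seconds_locked(self, user, method):
        st = self._state.get((user, method))
        return max(0.0, st.locked_until - self.clock()) if st else 0.0

    def record(self, user, method, success):
        """Record an attempt; return the lockout in force afterwards, in seconds."""
        remaining = self.seconds_locked(user, method)
        if remaining > 0:
            return remaining      # still locked: caller rejects, nothing is counted
        if success:
            self._state.pop((user, method), None)   # success resets the doubling
            return 0.0
        st = self._state.setdefault((user, method), _State())
        st.failures += 1
        if st.failures < self.x:
            return 0.0
        duration = min(self.y * 2 ** st.lockouts, self.cap)  # cap is an assumption
        st.lockouts += 1
        st.failures = 0
        st.locked_until = self.clock() + duration
        return duration

if __name__ == "__main__":
    now = [0.0]                   # constructed fake clock, in seconds
    t = LoginThrottle(x=3, y_minutes=5, clock=lambda: now[0])
    for round_no in (1, 2, 3):
        for _ in range(3):
            locked = t.record("root", "password", success=False)
        print(f"lockout {round_no}: {locked:.0f} s")
        now[0] += locked + 1      # wait out the lockout, then fail again
```

The caller has to treat any non-zero return value as a rejected attempt, even when the password was correct. The cap bounds how long failures typed by someone else can keep the legitimate user out.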