I've added an ubuntu-ux task, because I'd like guidance for how this is presented to the user.
My thinking from a technical POV is that we can use a PAM module (pam_tally2) to record failed logins. The timing is configurable with it, but the default behavior is to just silently fail. That is, once the user fails to log in, say 5 times, then further logins for, say an hour, will fail (even if the right password is used). Is that how we'd like it work? But we probably want some message to be shown to the user. Right now we don't show any text at all on incorrect entries. We just jiggle the password box. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity8 in Ubuntu. https://bugs.launchpad.net/bugs/1347907 Title: create a delay for password failure attempts Status in Ubuntu UX bugs: New Status in The Unity 8 shell: New Status in “unity8” package in Ubuntu: New Bug description: capturing the desire from our security team to add in a delay for the ability to attempt unlocks on the greeter. unless design provides some other specification choose 5 potential failed attmepts, upon which the greeter will not unlock or allow a password entry attempt for 1 hour. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-ux/+bug/1347907/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
