touch-packages team mailing list archive

Thread
Date

[Bug 1347907] Re: create a delay for password failure attempts

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Michael Terry <michael.terry@xxxxxxxxxxxxx>
Date: Thu, 24 Jul 2014 17:27:43 -0000
Reply-to: Bug 1347907 <1347907@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I've added an ubuntu-ux task, because I'd like guidance for how this is
presented to the user.

My thinking from a technical POV is that we can use a PAM module
(pam_tally2) to record failed logins.  The timing is configurable with
it, but the default behavior is to just silently fail.  That is, once
the user fails to log in, say 5 times, then further logins for, say an
hour, will fail (even if the right password is used).  Is that how we'd
like it work?

But we probably want some message to be shown to the user.  Right now we
don't show any text at all on incorrect entries.  We just jiggle the
password box.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1347907

Title:
  create a delay for password failure attempts

Status in Ubuntu UX bugs:
  New
Status in The Unity 8 shell:
  New
Status in “unity8” package in Ubuntu:
  New

Bug description:
  capturing the desire from our security team to add in a delay for the ability to attempt unlocks on the greeter.
  unless design provides some other specification choose 5 potential failed attmepts, upon which the greeter will not unlock or allow a password entry attempt for 1 hour.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-ux/+bug/1347907/+subscriptions