Tea Glorious Tea!
I've always wondered this and i was logging in and misspelled my name and it reminded me. Whenever i misstype a password or username it takes about 5 seconds for any linux distro to tell me it was wring, yet in windows and osx it tells me instantly. Is there some method to the madness that i dont grasp.
Dark Roasted Ubuntu
The madness is in letting the person try another password immediately. It means they can brute-force it by guessing lots of possibilities very quickly.Originally Posted by NoSmokingBandit
The Linux way is much more secure. The guesser can't even be sure it's wrong until he waits a bit (it could just be starting the logging-in process).
Does your bank's cash dispenser allow you key in several PINs in quick succession?
If people were nicer, I'd answer more queries here!
Cake for coffee's sake
If you ask me, they should delay that exponentially or +1 second for each bad try
However, you can log in automatically or set it to '0 seconds' if you want to: System > Administration > Login Window
Last edited by forger; October 20th, 2008 at 03:15 AM.
Blog
Linux user number: 433157 - Member of Cypriot, Serbian, Greek LoCos
Brainstorm: Official end-of-life dates list, Kernel boot parameter to disable modules, End-of-Life? Update manager should show EoL status and provide more info
Tea Glorious Tea!
That sounds like a good idea. One typo and you only have to wait 1 second and you can log in right away. 2nd fail is 2 seconds, 3rd is 4, 8, 16, 32, 64...If you ask me, they should delay that exponentially or +1 second for each bad try
Not only is that more convenient but it would, in theory, be more secure against brute force attacks.
Posting Permissions
Adv Reply
Bookmarks