https://bugs.kde.org/show_bug.cgi?id=415443
Bug ID: 415443 Summary: Wrong password delay should be configurable Product: kscreenlocker Version: unspecified Platform: Manjaro OS: Linux Status: REPORTED Severity: normal Priority: NOR Component: greeter Assignee: plasma-b...@kde.org Reporter: radon.n...@gmail.com CC: bhus...@gmail.com Target Milestone: --- SUMMARY When I type in a wrong password on the KDE lock screen, the input field is grayed out for three seconds and I must wait to try again. This behavior should be optional. STEPS TO REPRODUCE 1. Log in 2. Lock screen 3. Type in wrong password OBSERVED RESULT The password field is grayed out for three seconds. EXPECTED RESULT I wish for there to be no delay, or equally as good -- a delay of around 100ms. SOFTWARE/OS VERSIONS Linux: 4.19.88 KDE Plasma Version: 5.17.4 KDE Frameworks Version: 5.64.0 Qt Version: 5.13.2 ADDITIONAL INFORMATION Whenever somebody proposes that the wrong password delay be configurable, somebody else says "but that's bad security practice". I don't agree. A delay of three seconds is really annoying from a user perspective, whereas a delay of 100ms is unnoticeable. But both delays will suffice entirely to deter brute-force attackers. It would be ideal if the default delay is inherited from PAM, because -- well, why not? Isn't the whole point of PAM for it to be a central place to configure this sort of thing? By configuring PAM, I change the security profile of my tty logins, my sudo prompts, my remote logins, ... but not KDE, it seems. But really, this should be configurable. What I had to do is patch the source of kscreenlocker (and it sure did take a while to figure out that kscreenlocker was the culprit). For other hapless users like myself, the process is as follows on Manjaro/Arch: $ yay -G kscreenlocker $ cd kscreenlocker $ makepkg --nobuild Now go into src/ and find the line 'm_graceLockTimer->setInterval(3000);'. Edit 3000 to be 0 instead. $ makepkg --noextract -si Log out and back in -- voila! I originally opened this bug report: https://github.com/sddm/sddm/issues/1218 -- You are receiving this mail because: You are watching all bug changes.