How to protect from password guessing?

Moderator: BarryK

Post Reply
szept
Posts: 146
Joined: Wed Jan 11, 2023 5:37 pm
Has thanked: 21 times
Been thanked: 2 times

How to protect from password guessing?

Post by szept »

My password for Easy startup is quite easy, hence probably relatively easy to crack, even by manual typing one go after another. Is it possible to maybe add (if it's not already there) a function to block it after certain number of failed trials? I'd propose to disable startup for 24 hours after 3 fails of password. Also, I wouldn't necessarily put an info saying it will be anabled again, because the rightful user will know it, so after the first fail the info could be: "Password incorrect - 2 more attempts before ban" (couldn't find more appropriate word...), then after 3rd fail a message "Startup locked" and nothing more. Then the startup would allow user to try login after 24h, maybe with a message that it has been locked previously. Just a thought. Obviously, in case of a serious cracking, some1 could buy lots of pendrives, DD-copy EasyOS and try for infinity without any downtime, but I'm not talking about this kind of case.

Cheers,
Damian

Running live-USB EasyOS-64_6.3.1

...and taxes are theft! -.-
https://321my.wordpress.com/pw/

User avatar
Flash
Moderator
Posts: 981
Joined: Tue Dec 03, 2019 3:13 pm
Location: Arizona, U.S.
Has thanked: 52 times
Been thanked: 127 times

Re: How to protect from password guessing?

Post by Flash »

I think that limiting password tries to, say, one each 15 seconds would be enough to discourage most crackers. 15 seconds isn't too long to wait before you can try again if you just mistyped a character, but someone who's trying to guess passwords might consider going into a different line of work if he was only allowed 4 guesses a minute.

Chaos coordinator :?
Post Reply

Return to “EasyOS”