There is this useless feature where the lock screen tells you that the account is locked for 10 minutes because of three failed attempts to log in, but then I can just bypass it by forcing my computer off then powering it back on. Then what’s the point of having it? I just got a new mechanical keyboard and I don’t know if it has an issue or something, but it happened twice today without me doing anything while the pc is asleep, and it is annoying AF having to force shut down my pc by holding down the power button. This might also cause data loss for me. Is there a way to disable this thing?
Thanks
That’s managed by PAM: https://man.archlinux.org/man/faillock.8.en
I think it’s mostly intended for remote access like when SSH’ing in, it locks up after too many bad attempts.
When you have physical access a lot of security stops being relevant. Although for users with full disk encryption, that’d also force the attacker to wipe the keys in RAM so it’s still got some value.
Ok, I figured it out. Looks like this new mechanical keyboard I got does something when I wake the PC up that causes those 3 attempts to be triggered. So I just set deny = 0 in /etc/security/faillock.conf. And to be more sure, I set the unlock time to 0. Lol That was very stressful. Thank you for bringing up faillock.
How do I disable it? That link doesn’t show where to disable it. It just did it again and it’s driving my fucking insane. I literally didn’t do anything. I just locked my PC from the menu and went back to it to wake it up. I need this off my PC :/
Set nodelay in the config options. By default this should be in /etc/security/faillock.conf
but then I can just bypass it by forcing my computer off then powering it back on. Then what’s the point of having it?
You already have your answer, so I’ll just add that not every implementation is the same. Our VDI deployment provides virtual desktops to remote users. Their own physical power buttons would only reset their thin client, not the remote workstation that has access to our secure network. If they want to reset that 10 minute timer early, they have to call IT and we can reset the virtual machine from our end after confirming that they’re a valid user. But yes, some software security is trivial to bypass if you have no physical security.
I wasn’t asking why I can bypass it, I wanted to get rid of it because it’s useless to me since my PC is physically in my basement and I’m right there trying to use it, not trying to access it remotely. Anyway, I got rid of it.
