Open sorathpanzer opened 4 years ago
escondida
commented
4 years ago Interesting idea. What would prevent an attacker from simply booting the computer back up and continuing trying to log in, though? Also, it seems like this opens the door to inadvertently losing work in progress if, say, it takes you a couple of tries to realize you left the proverbial caps lock on.
fmartingr
commented
3 years ago The benefit in this case is that the previous session wouldn't be loaded in RAM, though any bad actor would perform that kind of attack vector before trying to type a password anyway but I like the idea to have some kind of action after several failed attempts as an extra security layer.
Barbaross93
commented
3 years ago How would an attacker get access to session data loaded in RAM? Is that mitigated by disabling magic sysrq keys?
Would be possible to implement some kind of "hard secure mode", so that at the 3rd time (as an example) of password insertion mistake, physlock, automatically shutdown the computer! Just an idea. :)