by mexicocitinluez 237 days ago
>This is such a reflexive and petty critique. How many real world security breaches happened because a login prompt that requires physical access limited to 10 tries instead of the "more cautious" limit of 3?

God, this comment is funny to me. This is pulled straight from this website (https://learn.omacom.io/2/the-omarchy-manual/93/security)

> Omarchy takes security extremely seriously. This is meant to be an operating system that you can use to do Real Work in the Real World. Where losing a laptop can’t lead to a security emergency.

lol Are you saying that a distro that makes this kind of claim shouldn't be concerned with the amount of times you can type in a wrong password? Especially since it's not vetting the actual security of the password itself?

How many times does your bank allow you to type in the wrong password? Is it 10? C'mon.


>lol Are you saying that a distro that makes this kind of claim shouldn't be concerned with the amount of times you can type in a wrong password? Especially since it's not vetting the actual security of the password itself?

It should, but anything below 100 guesses or so is kind of fine, unless the attacker knows you and has good guesses about your password.

Let's be generous and assume a six character password of all lowercase letters. That's 26^6 possible passwords. That's 3x10^8 possible passwords.

3 guesses means that you have a 0.000001% chance of guessing the password, whereas 10 guesses means your chances are 0.0000032%. Are you worried about a 0.0000022% difference?

The odds are slightly scarier if you limit it to English words, but I still doubt that 3 vs. 10 has any meaningful difference in practical terms.

I'm not seeing why 10 is so significantly worse than 3... How big of a difference is that, really? I believe it took something like 6 failed attempts for my bank to lock me out.

But why change the default? Is this in the top 10 things you would do after installing your distro of choice?

To me, this indicates a lack of judgement around what should be prioritised, which is reflected across the many issues the post raises. Naturally judgement is an acquired skill, which novices lack (and which they gain through experience and guidance), but given the big names associated with the project, that doesn't reflect well on their other projects.

> lol Are you saying that a distro that makes this kind of claim shouldn't be concerned with the amount of times you can type in a wrong password?

I will absolutely say that a distro making that claim should not worry about the difference between 3 and 10 password attempts on sudo (i.e. when you're already logged in).

> Especially since it's not vetting the actual security of the password itself?

Yes, that should be fixed. But it's a separate matter.

> Yes, that should be fixed. But it's a separate matter.

Sure, because the complexity of your password and the amount of times you get before you're locked out historically don't affect each other lol.

At this scale? No, no they do not. Even if you know my password is a single dictionary word in lower case, the odds of you guessing it in 3 vs 10 guesses is negligible.

In fact, let's do this right now: I've just thought of a random English word and written it down. I'll give you 20 guesses. Guess it right and I'll agree with you.

This has to be satire. HAS TO BE.

"Hey guys, I'm going to prove that an OS that claims that you don't have to worry about security anymore is actually secure by asking a total stranger to guess my password"

lol.

Since it's so flimsy and insecure, you should guess so you can prove how insecure it is. Alternatively, you could fail to do that, because 10 guesses is safe even against an awful password.

lol But what if, and I know this sounds absolutely insane, the person who stole your laptop knows you and isn't a total stranger on the internet? In your security guru mind, would that affect the probability of them guessing right? Or are you of the opinion that you don't need to worry about people close to you breaking into your stuff?
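
The numbers argued over in this thread depend on how likely each candidate password is, so here is an added example (not code from any commenter or from Omarchy) that computes the chance of a correct guess within a lockout limit. It covers the uniform 26^6 keyspace quoted above plus two constructed cases: a dictionary guessed blindly and the same dictionary ranked by likelihood. The 10,000-word dictionary size and the Zipf exponent of 1.0 are assumptions chosen for illustration.

```python
# Added example: chance that a password is guessed within a lockout limit.
# DICT_SIZE and ZIPF_S are assumptions for illustration, not measured values.

KEYSPACE_6_LOWER = 26 ** 6   # six lowercase letters, as in the thread
DICT_SIZE = 10_000           # assumed size of a single-word dictionary
ZIPF_S = 1.0                 # assumed skew when candidates can be ranked


def uniform_success(keyspace: int, guesses: int) -> float:
    """Every candidate equally likely: k guesses cover k/N of the space."""
    return min(guesses, keyspace) / keyspace


def zipf_success(candidates: int, guesses: int, s: float = ZIPF_S) -> float:
    """Candidates ranked by likelihood (p_i proportional to 1/i^s).

    Guessing in rank order, success is the probability mass of the top k.
    """
    weights = [1.0 / rank ** s for rank in range(1, candidates + 1)]
    return sum(weights[:guesses]) / sum(weights)


def compare(limits=(3, 10, 100)):
    """One row per lockout limit: (limit, random 6-char, blind dict, ranked dict)."""
    return [
        (
            k,
            uniform_success(KEYSPACE_6_LOWER, k),
            uniform_success(DICT_SIZE, k),
            zipf_success(DICT_SIZE, k),
        )
        for k in limits
    ]


if __name__ == "__main__":
    print(f"{'limit':>5}  {'random 6-char':>14}  {'blind dict':>11}  {'ranked dict':>11}")
    for k, rand6, blind, ranked in compare():
        print(f"{k:>5}  {rand6:>14.2e}  {blind:>11.2%}  {ranked:>11.2%}")
```
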