[nabbed]

Based on this description, it sounds like someone walking past your unattended desk and bent on disrupting your day but not stealing your data, could enter in a garbage password into the lock screen a few times and lock you out of your own laptop.

I guess the same also works for cloud accounts as well. I remember, back in the mid-2000s, trying to log into my hotmail account (never having failed to log in before) and getting a "locked out due to too many bad passwords". So someone, only knowing my user account name (which was the same as my email address), locked me out of my own account. The problem was, I couldn't remember what my recovery accounts were (I eventually figured it out).

[crazygringo]

Heck, once I cycled for half an hour with my iPhone in my pocket, and somehow the phone against my leg was in just the right position that it kept interpreting my leg movements as trying to enter a passcode.

Got home, pulled out my phone, and it had a message that it was locked for several hours due to so many failed passcode attempts. Incredibly annoying.

Still, only happened once in well over a decade of owning an iPhone.

I was mostly frustrated that there wasn't some alternate way of regaining access, like via my Mac or iPad logged in with the same Apple ID. Or that the failed passcode attempts didn't start eventually playing a loud alert sound or something on each failure.

[Nursie]

Yeah I used to get this a lot because I have my phone in my pocket when I'm doing land maintenance around the place here. It's massively annoying. That and watch gestures firing off and interrupting the music I'm listening to while I'm using powertools.

I've had to turn off a lot of features. All of the "raise to wake", always-on screens, gesture controls, movement controls on the watch, live activities on the watch, all sorts of stuff, anything related to movement or waking up the phone other than by a button press. Also had to turn the watch so the buttons are on the left to stop my gloves pressing them constantly.

It's a bit sad really, I think I've missed out on some decent features there. But compared to being locked out and/or having random actions trigger, it's an improvement.

[nabbed]

>I've had to turn off a lot of features.

On my pixel 4a, I had to turn off a "call 911" feature that I think was initiated by shaking the phone. I took a couple of walks with the phone in my front pocket, and the movement from my leg called 911 (which I would only find out when the police would call me back to ask if everything is OK).

[Nursie]

Yeah that is unfortunate and embarassing. I think I nearly called them a couple of times before I flipped my watch around.

Current gripe is that every so often, usually when my hands are busy, Siri interprets my "Hey Siri fast forward" to skip an ad on the podcast I'm listening to as an instruction to call Troy. Troy is a roofer I got to quote some work last year! He has picked up twice to me going "Sorry, really sorry, my robot called you ..."

[HDBaseT]

It's even worse if you configure 10 incorrect attempts to wipe your device. This is fairly common apart of MDM Managed business provided devices.

[riversflow]

In such situations I'll put it in Low Power Mode & Water Mode which works fairly well locks it down from stray input.

[Nursie]

Yeah the water-lock mode is really useful! Discovered that later.

[trillic]

Same anecdote, keep my phone in my saddle bag now.

[varispeed]

Remember entering password to one service I subscribed to. It was Friday evening. I typed it wrong 5 times and my account was locked out with a message to contact customer service. Customer service was open from Monday to Friday 9am to 5pm. So I was unable to use it for a couple of days. It was painful experience. I found an alternative though and on Monday cancelled it.

[WatchDog]

I wish there was a way to cap the lockout time.

It makes sense for 4 digit codes, but I have a 20ish character password, I once locked myself out, and it was an incredibly frustrating experience.

My password can't be brute forced even with offline access to the hash, there is no risk of it being brute forced from keyboard input.

[duskwuff]

The description is misleading. What made the OS create a new keychain was resetting their login password, not the failed password attempts.

(The login keychain is encrypted using the user's password, so it's reasonable to create a new one when the password is changed - otherwise, you end up in a situation where applications constantly pop up prompts for a password the user doesn't know every time they try to access the keychain, e.g. to load saved passwords in Safari. I've seen this happen on older versions of macOS and it's positively infuriating.)

[arkoinad]

Well i did mention that resetting my laptop password moved the old keychain to login-1.keychain-db.