4

In both my Linux and OSX machines when I type in the password to login, a correct password is accepted immediately. However, if I type a wrong password, checking process takes much longer.

How is the process of password authentication in a UNIX machine?

Note: I have experienced this in Gnome3, Gnome2, Unity and different versions of OSX. That's why I believe it is not about some fancy animations that desktop environments have to alert a wrong password.

Pouya
  • 875

2 Answers2

5

This is a security feature and slows down an attacker who tries passwords.

jofel
  • 26,758
5

This is a security feature.

It is set in /etc/login.defs on the line 

FAIL_DELAY              N

where N is the time in seconds to delay another attempt.

terdon
  • 242,166
  • This fails to answer the question: why?. The additional information is not universal to Unix-based systems. – jwg Nov 13 '14 at 14:56
  • How doesn't this answer why ? It clearly has a delay because it is set in a file, and it may be different files depending on how you have your system set up(e.g PAM authentication) but this is the default on all linux machines.Unless of course you wanted me to explain how this file is read and how the system processes this and delays the login, which seems a bit out of scope for this question. –  Nov 13 '14 at 15:06
  • "Why" in this context means "Why does this feature exist, since it seems like a terrible idea?" (As for why one might think it's a terrible idea, see https://unix.stackexchange.com/a/213668/176805.) – Resigned June 2023 Dec 19 '19 at 03:31