What is the point of having a timeout error on a password prompt?

Now I don't know if this happens on one thing, but on Lite, if you don't give an administrator password for something, it'll give up and return an error saying it HAS given up and doesn't perform the action while the password prompt stays open. I've only seen this while I tried to modify a user on my computer but ended up making a mistake while typing my long and complex password.

What even is the point of this? Maybe it's for security?

You do not want to keep an open running process beyond its immediate use, especially one related to authentication. As a lightweight desktop, XFCE also is persistent about closing out processes when they are not needed.

Aside from resources like CPU time or RAM, you also want to keep authentication limited to keep tight security.

But what if you have a complex password that's at least 30-40 characters long? Surely it's very hard to get past that timeout error with that password.

Why would you do that?

I must point out that the timeout only kicks in on an inactive window. Even if you are typing a 30 character password for 50 seconds... the timeout should not take effect while you are actively in the window typing.

I believe that the timeout duration is hard-coded in this directory somewhere, src/libsystemd/sd-bus/, but I have not really looked into this issue before.


I use a 4 digit PIN.

When I need more security, I do have some system passwords that are 14 characters long and use different cases and symbols.
And those passwords are quite secure.

You might consider changing that password to something less... Godzilla...

I've never set a 30-40 character password in my lifetime. However, I do set 16 character passwords.

Ah, I misunderstood you... well.. the post I made above answers that question.

I suspect that 4 digit PINs could be hacked, but it would take 1023 attempts to get it! (Once checked this out using n! function on a calculator - number of permutations for a 4 digit number!)

This is true - however on my own limited access local machine in my home - this is simply not going to happen.

And I have 14 character strong passwords for the portable devices that may need more protection.

Have I missed something obvious? Surely there are 10,000 permutations for a four digit number: 0000 to 9999.