What I would suggest to keep both the security and user friendliness in entering passwords would be to add a certain number of no-delay attempts (e.g. 3).
This way humans would get a certain number of quick retype attempts in case of typos or different keyboard layouts (often the case with me, as I switch between US and Croatian, depending on what I'm doing). After this initial number, let the exponential delay kick in (2 s, 4 s, ... or whatever it currently is) to prevent any bot-attacks. For a brute force attack, a couple of extra attempts isn't a significant advantage and for humans that makes all the difference in making the system more responsive. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/138654 Title: Annoying and useless delays on password entry errors To manage notifications about this bug go to: https://bugs.launchpad.net/hundredpapercuts/+bug/138654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
