Is the lock screen secure?

security password login lock-screen

Solution 1:

They could try to brute-force your password, you might want to set it up so accounts are locked out after too many failed attempts. You didn't ask how, but if you're interested you can read more here https://web.archive.org/web/20190831173642/http://blog.bodhizazen.com/linux/ubuntu-how-to-faillog/

Edit : including steps as requested

Open /etc/pam.d/common-auth and add the line AT THE TOP OF THE FILE:

auth required pam_tally.so per_user magic_root onerr=fail

To set the number of attempts allowed & timeout

faillog -m 3 -l 3600

Where 3 is the number of attempts allowed and 3600 seconds (1 hour) is how long to lock out the account for.

You can omit the -l part and the account will be locked out forever, however I would really not recommend that since your hard drive is encrypted. It would make your files very difficult to recover if you locked yourself out. If you choose to omit the lockout time, I would at least increase the number of attempts, because it's not that difficult to enter your password wrong 3 times.

Solution 2:

Any way? Yes, look up the liquid nitrogen RAM attacks. It's always a question of how secure you want to be, not being undefeatable. If an attacker needs a dewer of LN on hand to defeat you, you're fairly likely to see him coming.

Solution 3:

If the attacker has physical access to your RAM then he can get your keys. I don't see any way to prevent that.

What I suggest, if you have sensitive data that you want to protect:

Install a virtual system inside of an encrypted container.

Using VirtualBox or some other virtualization software you can save the current state of the virtual system at any time.

Write one script (open-vm) to open the container and restore the virtual system and another (close-vm) that will save the state of the virtual system and close the encrypted container.

Then just get lock screen to trigger those scripts or call them yourself when you need to. You'll need to provide the decryption password for your container every time you want to restore the container but at least you can leave your system running when you step away for a few minutes.

This also has the benefit that if an unsophisticated attacker intimidates you into opening your laptop you can do so and they still won't have access to your encrypted virtual system that they probably won't know about.

Note: Your encrypted container password should be as strong as your HDD password, under the assumption that the attacker will bypass your screen lock and have unlimited computing power to try to crack the encrypted container.

Note 2: I'm assuming that VirtualBox won't cache data in places you don't expect it to and will clear any traces of the virtual system when it's shut down. This is possibly a dubious assumption.

Related

Do the Ubuntu repositories just keep growing?
How to use USB connection for Internet from a PC to a cellphone?
How to set up IPv6 with netplan on Ubuntu 18.04?
Ubuntu 20.04 lts Could not access fingerprint readers
What are the accessibility problems of Qt?
Automatically sync a folder to a USB when USB is plugged in?
Can I make mailto: links open up in gmail instead of evolution?
How to index a pdf document?
How do I get rid of all the Unity bars?
Is there a way I can block a folder from Gnome and/or Unity search?
What is the *right* way to use gnome-shell integrated chat?
How do I use the fingerprint scanner on a HP Probook?