How to reduce the time Windows takes to report a password is wrong?
First as a direct Windows 7 answer from MSDN, the OS is built with the following decision branching for password validation:
Entering a wrong password causes Windows 7 to iterate through its password caching in order to compare all entries. This causes a delay.
If nothing matched in the cache, the computer then has to contact the Domain Controller to validate the password against the account. This causes a delay.
Then when all else has failed in testing for a valid password, you hit the standard bad password delay. For the reasons mentioned over on ServerFault.
After reviewing password policy on Microsoft Technet for Windows 7, Server 2003, Server 2008, the following settings are possible:
Password History, Minimum Password Length, Maximum Password Age, Minimum Password Age, ObservationWindow, LockoutDuration, LockoutThreshold, badPasswordTime, badPwdCount, ntPwdHistory, ForceUnlockLogon
If you're on a domain, this would be set through a GPO and out of your control, however; locally for a computer on a workgroup, you can make the settings through SecPol.msc under Security Settings -> Account Lockout Policy
The only setting even close, badPasswordTime
, is the timestamp the last bad password was entered.
In all the settings, nothing references failed password delay, so it's apparently hard coded into the OS.
Now if you're on Linux, you can add parameters to PAM to allow removal of this delay, if it was set up to accept the parameter, otherwise, you have to recompile the pam module that controls this function with settings of your own choice.