LinuxQuestions.org
05-24-2018, 03:19 PM   #1
SaintDanBert
Senior Member
Registered: Jan 2009
Location: "North Shore" Louisiana USA
Distribution: Mint-20.1 with Cinnamon
Posts: 1,772
Blog Entries: 3

seeking logging for failed passwords


Is there a setting that will make a log entry that shows the PASSWORD_STRING used when the login fails?

I realize that this will often catch a simple typo, but I'm thinking that I can automatically watch the log and throw an alarm if that happens too often.
My few users do a pretty good job of using strong passwords. My guests not so much. Some guest users are teen boys (I have grandsons) and so I'm wanting to know that someone is pecking around -- not just "failed login" but which PASSWORD_STRING were they pecking with.

Thanks in advance,
~~~ 0;-Dan
 
05-25-2018, 06:18 AM   #2
DevGuy
LQ Newbie
Registered: May 2018
Location: London
Distribution: CentOS 7.5
Posts: 25

Passwords are hashed. If plain text is available, that would render the hashing useless. So, you are unlikely to be able to get the plain text, unless you can hack into the kernel memory.

There's nothing to stop you creating accounts using passwords you prefer and assign them to users.

I'd imagine script kiddies usually peck around with a common hacking-dictionary set of words.

Last edited by DevGuy; 05-25-2018 at 06:24 AM.
 
05-26-2018, 01:04 AM   #3
ondoho
LQ Addict
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

breach of privacy, i'd say.
you should not know your users' passwords.
why not simply log the amount of login attempts?
if it's more than a few times per minute, more than a dozen times per hour, etc. it's VERY likely to be a cracking attempt.
even then you don't have to ban the IP completely, just start with a penalty of 1 hour or so.
software exists that does that for you (fail2ban?).
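
The rate-based approach from the post above, as an added example that is not part of the thread: it counts failed logins per source over constructed OpenSSH-style log lines and applies a one-hour penalty, without ever seeing what was typed. The thresholds (3 per minute, 12 per hour), host name, users and addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Limits from the post; "a few" per minute is read as 3 (assumption).
LIMITS = [(timedelta(minutes=1), 3), (timedelta(hours=1), 12)]
PENALTY = timedelta(hours=1)  # "a penalty of 1 hour or so"

# OpenSSH-style failure line; only time, user and source are captured.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?(\S+) from (\S+) ")

# Constructed sample log (documentation addresses, invented host and users).
SAMPLE = """\
May 26 01:00:01 box sshd[811]: Failed password for alice from 192.0.2.10 port 50001 ssh2
May 26 01:00:05 box sshd[811]: Failed password for alice from 192.0.2.10 port 50001 ssh2
May 26 01:00:09 box sshd[812]: Failed password for invalid user admin from 192.0.2.10 port 50002 ssh2
May 26 01:00:12 box sshd[813]: Failed password for dan from 192.0.2.20 port 40100 ssh2
May 26 01:00:14 box sshd[812]: Failed password for root from 192.0.2.10 port 50002 ssh2
May 26 01:00:40 box sshd[813]: Accepted password for dan from 192.0.2.20 port 40100 ssh2
"""

def parse(line, year=2018):
    """Return (time, user, source) for a failed login, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    # Syslog lines carry no year, so one is supplied by the caller.
    when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return when, m.group(2), m.group(3)

def penalties(lines):
    """Map each source that exceeded a limit to the end of its penalty."""
    recent = defaultdict(deque)  # source -> failure times within the last hour
    until = {}
    for event in filter(None, map(parse, lines)):
        when, _user, src = event
        if src in until and when < until[src]:
            continue  # still serving a penalty
        times = recent[src]
        times.append(when)
        while when - times[0] > LIMITS[-1][0]:
            times.popleft()
        for window, limit in LIMITS:
            if sum(when - t <= window for t in times) > limit:
                until[src] = when + PENALTY
                times.clear()
                break
    return until
```

Calling `penalties(SAMPLE.splitlines())` flags only the source with four failures inside one minute; the single mistyped attempt from the other address stays below both limits.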
 
05-26-2018, 10:55 AM   #4
dave@burn-it.co.uk
Member
Registered: Sep 2011
Distribution: Puppy
Posts: 601

As said it would be a breach of the data protection laws at least, and certainly immoral.
You cannot even excuse yourself by saying you might need access to their data in an emergency, since there are far better ways around that.
Whenever I had to work on people's machines, I always either asked them to remove passwords temporarily or change it to something not connected with their usual one. I always insisted on them changing the passwords as soon as they were happy with the work done.
This has two side effects.
They tend to trust you more since they know full well that you will likely have to have access to their data to protect it from any hardware errors - back up for instance.
It forces them to change the password when they get it back and therefore tends to protect you from any future data losses.
 
05-29-2018, 12:45 PM   #5
AwesomeMachine
LQ Guru
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524

I don't understand. Your grandkids are sometimes guest users on your system, and they try to guess passwords to other accounts? And you want to know which words they are using to guess at the correct password?
 
05-30-2018, 03:31 PM   #6
SaintDanBert (Original Poster)
Senior Member
Registered: Jan 2009
Location: "North Shore" Louisiana USA
Distribution: Mint-20.1 with Cinnamon
Posts: 1,772
Blog Entries: 3

My thoughts worked like this:
  • {user} tries to login -- the login fails
  • they keep trying ... still fails
  • they ask me for help with login

I could simply force a fresh, known, easy-to-type string. They gripe that they like what they are using blah blah blah. As an example, their password is AbcdEfgh31415. Their problem is that they forget the capital-E in the middle of things. I was hoping to log what they actually typed so that I could see, Abcdefgh31415 on the failed attempt(s).

As this machine is home-office internal, and the users are family, I was focused on helpful.
Thanks to all for the privacy reminders.

~~~ 0;-Dan
 
05-30-2018, 03:54 PM   #7
dave@burn-it.co.uk
Member
Registered: Sep 2011
Distribution: Puppy
Posts: 601

Even when the Authorities get permission to break into machines, they NEVER NEVER get the user's password without being given it.
If it is possible (remember the Apple case) to break in, it is only possible to remove the password necessity, or to overwrite it with a known one. That way the user will know it has been hacked.
Passwords are "one time" encrypted and cannot be decrypted (well except by trying every single possibility).
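
Why stored password data cannot show a forgotten capital letter, as an added example that is not part of any post in this thread: it illustrates the hashing mentioned in posts #2 and #7 using the example password from post #6. PBKDF2 from Python's standard library stands in for the system's own password-hashing scheme, and the salt and iteration count are constructed values (assumptions).

```python
import hashlib
import hmac

ITERATIONS = 100_000  # illustrative work factor (assumption)
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed; real salts are random

def make_record(password, salt=SALT):
    """Return what is kept at enrolment: the salt and a digest, never the password."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(attempt, record):
    """Re-hash the attempt with the stored salt and compare in constant time."""
    salt, stored = record
    return hmac.compare_digest(make_record(attempt, salt)[1], stored)

def differing_bits(attempt, record):
    """Count how many digest bits differ between the attempt and the record."""
    candidate = make_record(attempt, record[0])[1]
    return sum(bin(a ^ b).count("1") for a, b in zip(candidate, record[1]))

RECORD = make_record("AbcdEfgh31415")  # the example password from post #6

if __name__ == "__main__":
    # A one-letter case slip and an unrelated guess both land about 128 bits away.
    for attempt in ("AbcdEfgh31415", "Abcdefgh31415", "zzzzzzzz"):
        print(attempt, verify(attempt, RECORD),
              differing_bits(attempt, RECORD), "of 256 bits differ")
```

Because the near miss is as far from the stored digest as an unrelated guess, nothing on disk can tell an administrator which character was wrong; seeing that would require capturing the typed text itself.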
 
05-30-2018, 04:08 PM   #8
scasey
LQ Veteran
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,732

Quote:
Originally Posted by SaintDanBert
I could simply force a fresh, known, easy-to-type string. They gripe that they like what they are using blah blah blah.
Then just force what they (think) they are using?

[Tho, I get the desire to show them what they're doing "wrong"...]
 
06-09-2018, 04:07 PM   #9
SaintDanBert (Original Poster)
Senior Member
Registered: Jan 2009
Location: "North Shore" Louisiana USA
Distribution: Mint-20.1 with Cinnamon
Posts: 1,772
Blog Entries: 3

Quote:
Originally Posted by scasey
Then just force what they (think) they are using?

[Tho, I get the desire to show them what they're doing "wrong"...]

Since these are family youngsters, I was hoping to use the teachable moment.
I'll find another way...

Thanks to all,
~~~ 0;-Dan
 
  


All times are GMT -5.