Auto-login potential security issue?

[psyhomb]

What happens if SDDM terminates when returning from suspend or in any situation where the system session is expected to be locked? Would that allow the user to re-enter the system without a password prompt?

I would also like to propose using a lighter login manager as a replacement for SDDM. Greetd is a minimal, flexible, Rust based login manager daemon that makes no assumptions about which session you want to launch and is fully Wayland native.
In contrast, SDDM is still considered experimental on Wayland and brings along unnecessary Xorg, Qt dependencies.
Additionally, you can pair it greetd with greeter such as tuigreet, and you will be able to configure an initial session (auto-login) while still providing a fallback default session. This ensures that if greetd restarts, the user will be prompted to authenticate through tuigreet.

Example greetd configuration that I'm currently using in my Omarchy setup:

/etc/greetd/config.toml

[terminal]
vt = 1

[default_session]
command = "tuigreet --theme 'time=yellow' --time --remember --remember-session --power-shutdown '/usr/bin/systemctl poweroff' --power-reboot '/usr/bin/systemctl reboot' --cmd 'uwsm start -- hyprland -c ~/.config/hypr/hyprland.conf'"
user = "greeter"

[initial_session]
command = "uwsm start -- hyprland -c ~/.config/hypr/hyprland.conf"
user = "<username>"