-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auto clear application data if the wrong pin is entered repeatedly #356
Comments
Looks like a duplicate of #6 |
Sry but no, they are different, suggestion in #6 is related to a special duress pin that you insert on purpose to perform some security measures that may include the deletion of everything within the app, this suggestion here is similar to Strongbox’s app protection approach - if someone (opponent) inserts a given number of times the wrong pin, it will delete all local DBs, remote references, keys, etc… The solution in #6 requires that a specific PIN be entered, which presupposes the deliberate action of the authorized user who, under some form of threat, resolves i.e. to delete all data. Then he/she enters a special PIN created previously. This resource can be based on the application itself or based on each DB separately. The solution proposed here is related to the compromise of access to the iPhone - whatever the wrong PIN entered, either by the authorized user or an opponent, after a given number of attempts all local files and external references are deleted from the application. These two solutions are not, however, exclusive - the application can have both features: a duress PIN, wheter based on the application as a whole or on each DB, to be triggered in a fast single entry by the authorized user when judged under some threat (#6), and the feature proposed here, to be triggered in the case of compromise of access to the iPhone, after a given number of attempts with whatever the wrong PIN. |
You are right, duress PIN and several failed PIN attempts are different. Thank you for the thorough description. Reopening. |
Thanks a lot for reopening. |
After a certain number of times the wrong PIN is entered, all local databases, backups and references to remote files are automatically deleted from the application.
This would add security to the use of the application and improve data protection in case of compromise of access to the iphone.
The text was updated successfully, but these errors were encountered: