Auto clear application data if the wrong pin is entered repeatedly #356

Open
O35dE opened this issue Apr 7, 2024 · 4 comments
Labels
enhancement New feature or request

Comments

O35dE commented Apr 7, 2024

After a certain number of times the wrong PIN is entered, all local databases, backups and references to remote files are automatically deleted from the application.

This would add security to the use of the application and improve data protection in case of compromise of access to the iPhone.

O35dE added the enhancement label Apr 7, 2024

keepassium (Owner) commented

Looks like a duplicate of #6

keepassium closed this as not planned Apr 8, 2024
keepassium added the duplicate label Apr 8, 2024

O35dE commented Apr 10, 2024

Sorry, but no, they are different. The suggestion in #6 is related to a special duress PIN that you insert on purpose to perform some security measures that may include the deletion of everything within the app. This suggestion here is similar to Strongbox’s app protection approach: if someone (an opponent) inserts the wrong PIN a given number of times, it will delete all local DBs, remote references, keys, etc…

The solution in #6 requires that a specific PIN be entered, which presupposes the deliberate action of the authorized user who, under some form of threat, resolves i.e. to delete all data. Then he/she enters a special PIN created previously. This resource can be based on the application itself or based on each DB separately.

The solution proposed here is related to the compromise of access to the iPhone - whatever the wrong PIN entered, either by the authorized user or an opponent, after a given number of attempts all local files and external references are deleted from the application.

These two solutions are not, however, exclusive - the application can have both features: a duress PIN, whether based on the application as a whole or on each DB, to be triggered in a fast single entry by the authorized user when judged under some threat (#6), and the feature proposed here, to be triggered in the case of compromise of access to the iPhone, after a given number of attempts with whatever the wrong PIN.
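
The two triggers distinguished in the comment above, side by side, as an added sketch that is not KeePassium's or Strongbox's code. `PinGate`, `state_path`, `data_dir` and the threshold of 5 are assumptions, and the directory wipe stands in for deleting databases, backups and remote references.

```python
import hashlib, hmac, json, os, shutil
MAX_ATTEMPTS = 5  # assumed threshold; the issue only says "a given number"

def _digest(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000).hex()

class PinGate:
    """Hypothetical app-lock gate; state_path and data_dir are assumed names."""
    def __init__(self, state_path, data_dir):
        self.state_path, self.data_dir = state_path, data_dir

    def enroll(self, pin, duress_pin=None):
        salt = os.urandom(16)
        self._save({"salt": salt.hex(), "pin": _digest(pin, salt), "failed": 0,
                    "duress": _digest(duress_pin, salt) if duress_pin else None})

    def _load(self):
        with open(self.state_path) as f:
            return json.load(f)

    def _save(self, state):
        tmp = self.state_path + ".tmp"  # write-then-rename keeps the file whole
        with open(tmp, "w") as f:
            json.dump(state, f)
        os.replace(tmp, self.state_path)

    def _wipe(self):
        # Stand-in for deleting databases, backups and remote references.
        shutil.rmtree(self.data_dir, ignore_errors=True)
        os.makedirs(self.data_dir, exist_ok=True)

    def try_pin(self, entered):
        state = self._load()
        # Count the attempt on disk before checking it, so killing the
        # process mid-check or restarting the app cannot reset the counter.
        state["failed"] += 1
        self._save(state)
        got = _digest(entered, bytes.fromhex(state["salt"]))
        if hmac.compare_digest(got, state["pin"]):
            state["failed"] = 0
            self._save(state)
            return "unlocked"
        # Duress PIN (#6): one deliberate entry. This issue: any wrong PIN, N times.
        duress = state["duress"] is not None and hmac.compare_digest(got, state["duress"])
        if duress or state["failed"] >= MAX_ATTEMPTS:
            self._wipe()
            state["failed"] = 0
            self._save(state)
            return "wiped"
        return "denied"
```
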

keepassium (Owner) commented

You are right, duress PIN and several failed PIN attempts are different. Thank you for the thorough description. Reopening.

keepassium reopened this Apr 10, 2024
keepassium removed the duplicate label Apr 10, 2024

O35dE commented Apr 10, 2024

Thanks a lot for reopening.
