Feature Request - Delete Vault after n wrong password attempts on mobile devices
Hi there,
I was setting up 1Password on my android device. What seems to be missing in the app is the functionality to completely delete the entire vault containing all the passwords / data after n unsuccessful master password attempts. In case your phone gets stolen and someone tries to guess your password after let's say 5 guesses its game over since the vault gets deleted ... what do you think? Perhaps there already is an extension or something like that.
Cheers
Mike
1Password Version: 6.4.1
Extension Version: Not Provided
OS Version: Android 6.0.1
Sync Type: WLAN Server
Referrer: forum-search:feature
Comments
-
Hi @milost. Thanks for reaching out to us with your feature request. :)
1Password is designed to never lock a user out of their vault, even after the Master Password has been incorrectly entered. We don't want to come in between our users and their data. Instead, we have a number of built-in defenses to make it exceedingly difficult (i.e. humanly impossible) to decrypt someone's vault without knowing their Master Password. Someone trying to brute force their way into your vault with a cracking tool, for instance, would be slowed down to the point that their tool would be useless.
That said, there is a way to reset the app data and start over on your devices if you ever need to. If you're using 1Password accounts and your device is lost or stolen, you can revoke access to the lost device, so that anyone who gains access to your device would then need both your Account Key and Master Password in order to access the account from that device again, and you'd be notified when your account was accessed from any new device.
I hope this helps! Let us know if you have more questions or feedback. Thanks!
0 -
I would also like to echo this feature request.
I hear what you are saying, but what you are not considering in your thinking is a forceful request by law enforcement to unlock your vault, beyond your control. On your phone, this is increasingly likely, especially at the border.
In situations like this, it is preferable to have a way to "self destruct" your vault, either by purposefully entering the password wrong a couple of times, OR through the use of a known "self-destruct" password instead of the correct unlock password.
0 -
I'll pass your feedback along to the team, @jkeirstead. However, I'm not sure this will be something we'll add. It's far more likely that someone would forget or mistype their password than it is that they would be compelled to enter it against their will. In the case of the former situation, we'd hate to be responsible for the number of users who would lose all of their data due to our interference, or just because they forgot temporarily, or had caps lock on or something. This happens quite often, and even I mistype my password several times in a row every now and then.
That said, you could delete your vault by signing into your account to delete it, or if you have a local vault only, by deleting the vault folder.
0 -
Your concerns are easily mitigated by not allowing the self-destruct password to be simmilar to the other password.
For the entering the wrong password self-destruct method, Android and iOS both handle this very well. If your phone is set to self-destruct after 10 failed attempts, then the display just starts showing a message "9 attempts remaining" after the first wrong password - so it is very obvious that if you are dong a fat-finger, to start paying closer attention
0 -
Thanks for the feedback! I'll pass this suggestion along to my team!
0 -
I use a android device and Firefox browser on my PC. Today when I tried to access my vault on my phone it would not accept my password several tries. When I came home I was able to access my vault on my desktop. Password worked. I this tried my phone and it refused the entry and locked me out. I have used my phone for several months with no problem.
Any ideas and how do I reset the password on my phone?0 -
@DNewey44 Here are some tips that might help: https://support.1password.com/forgot-master-password/
0
