A request and a information

Hi,

In a future release, can we have a option that will delete all the local database after 10 passwords in error… like on my secure usb key.
This will prevent a force brute attack on my phone if it’s stolen.

For information, there is a translation error in the French version for Windows : in categories, wallet means « Portefeuille » and not « Porte-monnaie » (this is for coins).
In the tab, the traduction is correct, but it’s « Portefeuille » and not « Porte-feuille ».

Keep up the good work ;-)

Comments

  • brentybrenty

    Team Member

    In a future release, can we have a option that will delete all the local database after 10 passwords in error… like on my secure usb key. This will prevent a force brute attack on my phone if it’s stolen.

    @Arnaud68: This actually isn't necessary — or helpful. If someone has access to your device, they don't need to hammer on the 1Password app like infinite monkeys on so many typewriters.


    "Given an infinite length of time, a chimpanzee punching at random on a typewriter would almost surely type out all of the possible encryption keys."

    They can simply attack the vault itself, and make as many attempts on the database as they wish. It would be smarter of them to simply copy it and let you keep your phone so you're none the wiser.

    But more importantly, 1Password's security doesn't depend at all on a pretty vault GUI where you enter your Master Password to unlock it. Your Master Password is strengthened with PBKDF2 to slow down the number of attempts that can be made in quick succession. This is built into the encryption itself, and not something enforced superficially by policy, because it's elementary for someone to ignore the app completely and just attack the database itself.

    But keep in mind that in most cases nowadays, whether we're talking about mobile devices or computers, full disk encryption is supported (and often enabled by default). If the contents of the device are encrypted in the first place, it won't be possible to even get to 1Password's own encrypted data without breaking the OS's first. This requires fairly recent hardware, but it's something that is becoming fairly ubiquitous.

    For information, there is a translation error in the French version for Windows : in categories, wallet means « Portefeuille » and not « Porte-monnaie » (this is for coins). In the tab, the traduction is correct, but it’s « Portefeuille » and not « Porte-feuille ». Keep up the good work ;-:-1:

    Thank you very much! I've made this change in our translation system based on your suggestion, and you're welcome to contribute there any time:-1:

    CrowdIn: 1Password for Windows desktop

    I hope I've answered your questions, but be sure to let me know if you have any others. Cheers! :)

    iu.jpeg 58.4K
This discussion has been closed.