Feature Request: Self-destruct (i.e., delete database after wrong password input)

Hello,

I have a question:
Can you build in an option which deletes the 1Password database after an adjustable count of wrong inputs of the master password? I think it's a good way against hacker attacks.

And this option in 1Password for Mac and iPhone, please.

Comments

  • khad
    1Password Alumni
    Good question!

    Suggestions like this come up occasionally, and I certainly see why people might find it an attractive idea. But when we analyze these from a security perspective, we find that such a feature might provide the user with an impression of additional security without actually increasing genuine security.

    The need to have good backups in a case like this is obviously important. Accidental or malicious destruction of someone's data with such a mechanism is possible. Part of data security is providing "data availability." We know how important your 1Password data is to you, and we want to make sure that you always have access to it. At the same time, the existence of the backups means that such a "self destruct" mechanism would only be getting at one of several copies anyway.

    Self-destruct mechanisms are also easily defeated unless running on a very tightly controlled operating system. (So these would be possible on iOS, but not on the Mac or Windows.) The easiest way to defeat such a mechanism is to write a separate program that doesn't use 1Password at all but still tries to break into your 1Password data.

    You also shouldn't underestimate the strength of the encryption of your data. If your master password is reasonably okay, the time it would take to automatically guess and test enough master passwords to come close to getting yours is literally astronomical. That is, we are talking about measuring the time in terms of the age of the universe.

    You might be interested to learn that Apple's own Remote Wipe feature in iOS 4 actually just destroys the unique hardware encryption key that is built into every iOS device. It does not physically remove the data; it just removes any chance of ever decrypting it.

    It's great that you are thinking about these issues and what would make your data more secure. I love talking about these kinds of things. In this particular case what seems initially appealing doesn't hold up under closer examination, but that shouldn't discourage you from thinking about these things and posing suggestions.

    Cheers,
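Added example, not part of khad's reply and not 1Password's code: a sketch of the two points above, that an attempt counter lives in the app rather than in the data, and that a wipe reaches only the copy the app controls. The vault format (PBKDF2 plus an HMAC verifier), the iteration count, and the names `VaultApp`, `make_blob` and `password_matches` are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 20_000   # assumed KDF cost for this sketch
MAX_ATTEMPTS = 3      # the "adjustable count" from the feature request
MASTER = "correct horse battery staple"   # constructed sample password

def make_blob(password: str) -> dict:
    """Constructed vault format: a salt plus an HMAC verifier keyed by the KDF output."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "check": hmac.new(key, b"vault-check", "sha256").digest()}

def password_matches(blob: dict, guess: str) -> bool:
    """A pure function of the stored bytes: it needs no app and touches no counter."""
    key = hashlib.pbkdf2_hmac("sha256", guess.encode(), blob["salt"], ITERATIONS)
    tag = hmac.new(key, b"vault-check", "sha256").digest()
    return hmac.compare_digest(tag, blob["check"])

class VaultApp:
    """Hypothetical app that enforces self-destruct inside its own unlock path."""
    def __init__(self, blob: dict):
        self.blob, self.failures = blob, 0

    def unlock(self, guess: str) -> bool:
        if self.blob is None:
            raise RuntimeError("vault was wiped")
        if password_matches(self.blob, guess):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.blob = None   # destroys only the copy this app holds
        return False

def demo() -> dict:
    blob = make_blob(MASTER)
    backup = dict(blob)        # stands in for a backup or synced copy
    app = VaultApp(blob)
    for guess in ("a", "b", "c"):          # three wrong entries trigger the wipe
        app.unlock(guess)
    return {
        "app_copy_wiped": app.blob is None,
        "app_failures": app.failures,
        "backup_still_opens": password_matches(backup, MASTER),
        "backup_rejects_wrong": not password_matches(backup, "a"),
    }

if __name__ == "__main__":
    print(demo())
```

In this sketch the owner has lost the app's copy while the backup still answers to the master password, so what protects the data is the KDF cost and the password strength, not the counter.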
  • luke1970
    Community Member
    khad wrote:

    At the same time, the existence of the backups means that such a "self destruct" mechanism would only be getting at one of several copies anyway.


    The "self destruct" mechanism must include the backups.
    I think "self destruct" is good for iPhone/iPad or MacBooks. Not for a stationary Mac at home with a connected backup drive (Time Machine).
  • khad
    1Password Alumni
  • luke1970
    Community Member
    khad wrote:

    This is already provided in iOS for iPhone, iPod touch, and iPad:

    http://osxdaily.com/...sword-attempts/


    But not on 1Password for MacOS X. :-)
  • khad
    1Password Alumni
    Ah. I missed part of your last sentence. I thought you were saying you weren't looking for this feature on the Mac but only for iOS. You actually made a distinction between portable Macs and desktop Macs. I see that now.

    Again, thanks for the feedback. We appreciate knowing that you are interested in this and will take that under advisement. :)

    Cheers,
This discussion has been closed.