Self-destruct feature


#1

Hello,

Recently I lost a phone that had Strip installed. I had a pretty strong password set and removed the cloud account so I had done what could be done to prevent further damage, but I had hoped there was a feature that would self-destroy the local password database after some number of failed logins. I would think if the password is reasonably strong, it would be very difficult to make the correct guess in 10 or 20 attempts. It looks like this feature would help avoid the sensitive file getting into the hands of thieves.

Can you please consider adding this feature in the future release?

Much appreciate keeping Strip the best password manager out there.

–jk


#2

Hello @aadoeysc

I am sorry to hear that you recently lost a phone with STRIP installed on it. Thanks so much for the suggestions, we really appreciate it!

We have avoided including a self-destruct feature; we consider the potential for unintended loss of data to be too high for little gain. Instead we’ve focused on steadily improving the encryption [1] that protects your data from attacks. A determined and competent adversary singling you out would not attempt to access your data by logging in through the app repeatedly, but rather pull your encrypted database off the device to attack the encrypted database with more powerful hardware. There are options for performing a remote wipe of the entire device for both iOS and Android, which should be considered in the event of a lost or stolen device. Thanks!

[1] https://www.zetetic.net/sqlcipher/design/


#3

Thank you for a thoughtful reply. Mine was an iOS device configured to wipe data after 10 failed attempts on lock screen. I also initiated a remote wipe request soon after I discovered the loss, but I have no way of knowing if the wipe was executed–let alone successfully so. The phone still shows offline when I try to track it.

As a layman in the security topic, I have a couple of questions.
(1) Is a 6-digit pass code combined with device wipe after 10 failed attempts a reasonably sufficient measure that most thieves would just let the device reset anyway? If this is not the case, then it would seem to me that perhaps installing STRIP on a mobile device should be reconsidered. As with most people, I also have touch ID enabled so that the device locks itself as soon as the screen turns off.

(2) If somehow the device is unlocked within 10 attempts or otherwise the .db file is pulled out of the device, should I automatically assume that all my passwords need to be changed? How much time typically do I have to complete the task?

Thanks!


#4

I think you will find the entropy from a 6 digit password is very low, you may enjoy reading further about this topic here.

An attacker would likely pull the database off the device before attempting to access the content; this would give them a controlled environment from their perspective. We use PBKDF2 with 64,000 iterations to transform a provided password into a key, an intentionally slow process to help thwart brute force attacks. If you have lost your database due to a stolen or lost device, you may wish to change your passwords simply for peace of mind.
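To make the two points in this thread concrete (the low entropy of a 6-digit code raised in #3, and the per-guess cost that PBKDF2 iteration adds as described in #4), here is an added worked example. It is not Zetetic's code and does not reproduce STRIP or SQLCipher internals: the 64,000 iteration count comes from the post above, while the choice of HMAC-SHA256, a 32-byte key, and the constructed salt are assumptions made for illustration. It derives a key the way a password manager might, measures how long one derivation takes on the current machine, and turns that into an expected offline-guessing time for a given password policy, which is the calculation a defender uses to decide whether a policy is adequate.

```python
import hashlib
import math
import time

# Iteration count stated in the thread; hash function and key length are
# assumptions for this example, not SQLCipher's actual configuration.
ITERATIONS = 64_000
KEY_BYTES = 32


def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch a password into a fixed-size key with PBKDF2-HMAC-SHA256 (assumed hash)."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES
    )


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password of `length` symbols drawn from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def seconds_per_guess(salt: bytes, samples: int = 5) -> float:
    """Measure the cost of one key derivation here: a rough single-core baseline."""
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"timing-probe-{i}", salt)  # constructed probe passwords
    return (time.perf_counter() - start) / samples


def expected_crack_seconds(bits: float, secs_per_guess: float, speedup: float = 1.0) -> float:
    """Expected offline search time: on average half the keyspace must be tried.

    `speedup` models an attacker with more hardware than this machine
    (e.g. 1000.0 for roughly a thousand times the guessing rate).
    """
    keyspace = 2.0 ** bits
    guesses_per_second = speedup / secs_per_guess
    return (keyspace / 2.0) / guesses_per_second


if __name__ == "__main__":
    salt = b"constructed-example-salt-16"  # constructed value, not from any real database

    # Derivation is deterministic, so the same password and salt yield the same key.
    key = derive_key("correct horse battery staple", salt)
    print(f"derived key: {key.hex()}")

    per_guess = seconds_per_guess(salt)
    print(f"one derivation on this machine: {per_guess * 1000:.1f} ms")

    # Compare two policies: a 6-digit code and a 12-character random alphanumeric password.
    policies = {
        "6-digit code": entropy_bits(10, 6),
        "12 random alphanumerics": entropy_bits(62, 12),
    }
    for name, bits in policies.items():
        naive = expected_crack_seconds(bits, per_guess)
        strong = expected_crack_seconds(bits, per_guess, speedup=1000.0)
        print(
            f"{name}: {bits:.1f} bits; expected search {naive / 3600:.2f} h "
            f"on this machine, {strong / 3600:.2f} h with a 1000x faster attacker"
        )
```

Running it shows why the reply above says self-destruct buys little: a 6-digit code is only about 20 bits, so even with 64,000 iterations the whole space is cheap to cover offline, whereas the 12-character random password sits above 70 bits and the same per-guess cost pushes the expected search far beyond any practical horizon. Iteration count raises the cost of every guess by a constant factor; the exponent comes from the password itself.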