All users were logged out of Bugzilla on October 13th, 2018

Wipe phone if password is incorrect after 10 tries

RESOLVED WONTFIX

Status

RESOLVED WONTFIX
5 years ago
8 months ago

People

(Reporter: epang, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: visual design, visual-tracking, jian)

(Reporter)

Description

5 years ago
Wipe phone if password is incorrect after 10 tries. Referencing Remote wipe feature which would too difficult to implement without a cloud service.

Currently when someone steals your device they can attempt the password unlock as many times as they want without consequence.  Proposal for a security feature that after 10 incorrect password attempt the device is wiped (on board memory and SD Card) to factory default.  The procedure would go as follows at 5th and 10th attempt you'd get a warning that you're going to wipe your device if you continue to input your password incorrectly, please type a specific word, ie. "Firefox" to proceed (that way the system would make sure you don't have caps lock on or something).
(Reporter)

Comment 1

5 years ago
this important in our markets where theft is a major issue.
(Reporter)

Updated

5 years ago
Whiteboard: visual design, visual-tracking, → visual design, visual-tracking, hanzo

Updated

5 years ago
Assignee: administration → nobody
(Reporter)

Comment 2

5 years ago
Hi Francis, this is an issue Patryk brought. Let me know if you are the wrong person for me to needinfo, but it would be great to get this started soon. Thanks!
Flags: needinfo?(fdjabri)
Hi Eric, 

I'll work with Peter to get this on the Systems Components backlog.
Flags: needinfo?(fdjabri)
(Reporter)

Comment 4

5 years ago
(In reply to Francis Djabri [:djabber] from comment #3)
> Hi Eric, 
> 
> I'll work with Peter to get this on the Systems Components backlog.

Great, thanks guys!

Comment 5

5 years ago
And what about cases when a parent gives the phone to the child and the kid by accident or just not knowing what it's doing enters the password incorrectly 10 times? Or friends playing jokes on each other? I believe that it is really important that if you introduce this feature you need to also support good and easy backup mechanism (no adb is not enough;) ) .

Updated

5 years ago
Duplicate of this bug: 899462
(Reporter)

Comment 7

5 years ago
Hi Francis, did this end up making it into the Systems Component Backlog?
Flags: needinfo?(fdjabri)

Comment 8

5 years ago
I am flagging Bruce on this, as he is PM for System Platform now, but I belive the WheresMyFox project supersedes this, as it proposes a different solution for dealing with theft and is much broader in reach.
Flags: needinfo?(fdjabri) → needinfo?(bhuang)
(Reporter)

Updated

5 years ago
Whiteboard: visual design, visual-tracking, hanzo → visual design, visual-tracking, jian
(In reply to Eric Pang [:epang] from comment #0)
> Wipe phone if password is incorrect after 10 tries. Referencing Remote wipe
> feature which would too difficult to implement without a cloud service.
> 
> Currently when someone steals your device they can attempt the password
> unlock as many times as they want without consequence.  Proposal for a
> security feature that after 10 incorrect password attempt the device is
> wiped (on board memory and SD Card) to factory default.  The procedure would
> go as follows at 5th and 10th attempt you'd get a warning that you're going
> to wipe your device if you continue to input your password incorrectly,
> please type a specific word, ie. "Firefox" to proceed (that way the system
> would make sure you don't have caps lock on or something).

Just noticed that this is getting UX attention. Is this a partner request? Is there a reason to be devoting time to this feature? I have many concerns about this feature:

a) brute-forcing (or guessing) is now non-trivial due to bug 888911. Wiping after 10 tries doesn't really add much security given exponential lockout is in place.
b) wiping the device doesn't actually wipe the data unless we implement some kind of secure wiping
c) wiping introduces the very real possibility of someone wiping your device giving short term access (e.g. practical joke, accidental, malicious etc)

I really don't think this feature should be a priority. Remote wipe maybe, but that is a very different case.
Vishy, does this type of scenario get addressed in WIMF?
Flags: needinfo?(bhuang) → needinfo?(vkrishnamoorthy)

Comment 11

5 years ago
Bruce, it does. There is a complete UX and technical design for remote wipe as part of the Where Is My Fox flow. For this reason, I am Resolving this as Invalid since this particular design is not the way remote wipe works (or should work), and because it is superseded by a more complete feature.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Flags: needinfo?(vkrishnamoorthy)
Resolution: --- → INVALID

Comment 12

5 years ago
Reopening this bug as I feel that there is a usecase that is not covered by WMF and remote wipe. 
Here's the rationale for reopening the bug:

WMF and Remote wipe will address the usecase presented in comment#0 only if
a) the user has enabled WMF
b) there is a network connection to the device  to initiate remote wipe.

If either a) or a+b) is not true, then remote wipe will not work. 

As pauljt mentions in comment#9, it could be a low priority feature given that it is now harder to brute force the password
Status: RESOLVED → REOPENED
Resolution: INVALID → ---

Comment 13

5 years ago
Vishy, I disagree. The bug as stated is specifically to wipe the phone after 10 attempts. That is not a feature UX will agree to build, nor how remote wipe is designed for WIMF. 

The issue you describe is a new issue that needs to be addressed, but that will not be solved in the manner of the feature described here. This bug, as stated originally, will not be implemented and thus should be closed. 

If there is a new use case, as you mention, that should be addressed as part of WIMF (as we discussed in IRC earlier), then that deserves to be a new bug after it is also addressed through additions to the WIMF specs. Bugs that evolve from one explanation to another, and have a misleading title as this one would, can cause a great deal of confusion and issues in implementation. 

Flagging Doug for his input as well.
Flags: needinfo?(doug.turner)
 (In reply to Stephany Wilkes from comment #11)
> Bruce, it does. There is a complete UX and technical design for remote wipe
> as part of the Where Is My Fox flow. For this reason, I am Resolving this as
> Invalid since this particular design is not the way remote wipe works (or
> should work), and because it is superseded by a more complete feature.

This has potential to be a valid security control and is a somewhat common requirement in a corporate security environment, so I don't think we should just close it (at least not without at least creating an alternative bug to track this). But as per comment 5 and comment 9, this really is a pretty low priority, and needs more than few pieces to be in place before it is safe or useful (strong backup story, support for secure data wipe).
not sure this is a WIMF thing, instead it is a general security feature of gaia, right?
Flags: needinfo?(dougt)

Comment 16

8 months ago
Firefox OS is not being worked on
Status: REOPENED → RESOLVED
Last Resolved: 5 years ago8 months ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.