Closed Bug 882092 Opened 11 years ago Closed 6 years ago

Wipe phone if password is incorrect after 10 tries

Categories

(Firefox OS Graveyard :: Gaia, defect)

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: epang, Unassigned)

(Whiteboard: visual design, visual-tracking, jian)

Wipe phone if password is incorrect after 10 tries. Referencing Remote wipe feature which would be too difficult to implement without a cloud service.

Currently when someone steals your device they can attempt the password unlock as many times as they want without consequence. Proposal for a security feature that after 10 incorrect password attempts the device is wiped (on board memory and SD Card) to factory default. The procedure would go as follows: at the 5th and 10th attempt you'd get a warning that you're going to wipe your device if you continue to input your password incorrectly, please type a specific word, i.e. "Firefox" to proceed (that way the system would make sure you don't have caps lock on or something).
This is important in our markets where theft is a major issue.
Whiteboard: visual design, visual-tracking, → visual design, visual-tracking, hanzo
Assignee: administration → nobody
Hi Francis, this is an issue Patryk brought. Let me know if you are the wrong person for me to needinfo, but it would be great to get this started soon. Thanks!
Flags: needinfo?(fdjabri)
Hi Eric, 

I'll work with Peter to get this on the Systems Components backlog.
Flags: needinfo?(fdjabri)
(In reply to Francis Djabri [:djabber] from comment #3)
> Hi Eric, 
> 
> I'll work with Peter to get this on the Systems Components backlog.

Great, thanks guys!
And what about cases when a parent gives the phone to the child and the kid by accident or just not knowing what it's doing enters the password incorrectly 10 times? Or friends playing jokes on each other? I believe that it is really important that if you introduce this feature you need to also support a good and easy backup mechanism (no, adb is not enough ;) ).
Hi Francis, did this end up making it into the Systems Component Backlog?
Flags: needinfo?(fdjabri)
I am flagging Bruce on this, as he is PM for System Platform now, but I believe the WheresMyFox project supersedes this, as it proposes a different solution for dealing with theft and is much broader in reach.
Flags: needinfo?(fdjabri) → needinfo?(bhuang)
Whiteboard: visual design, visual-tracking, hanzo → visual design, visual-tracking, jian
(In reply to Eric Pang [:epang] from comment #0)
> Wipe phone if password is incorrect after 10 tries. Referencing Remote wipe
> feature which would be too difficult to implement without a cloud service.
> 
> Currently when someone steals your device they can attempt the password
> unlock as many times as they want without consequence. Proposal for a
> security feature that after 10 incorrect password attempts the device is
> wiped (on board memory and SD Card) to factory default. The procedure would
> go as follows: at the 5th and 10th attempt you'd get a warning that you're going
> to wipe your device if you continue to input your password incorrectly,
> please type a specific word, i.e. "Firefox" to proceed (that way the system
> would make sure you don't have caps lock on or something).

Just noticed that this is getting UX attention. Is this a partner request? Is there a reason to be devoting time to this feature? I have many concerns about this feature:

a) brute-forcing (or guessing) is now non-trivial due to bug 888911. Wiping after 10 tries doesn't really add much security given exponential lockout is in place.
b) wiping the device doesn't actually wipe the data unless we implement some kind of secure wiping
c) wiping introduces the very real possibility of someone wiping your device giving short term access (e.g. practical joke, accidental, malicious etc)

I really don't think this feature should be a priority. Remote wipe maybe, but that is a very different case.
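The trade-off raised in the comment above (exponential lockout versus a wipe after 10 tries), as an added example that is not part of the original bug or of Gaia's code: it counts how many guesses someone holding the device gets within a time budget under each policy. The lockout parameters (3 free attempts, 30-second base delay, doubling, optional cap) are assumptions for illustration, not the values from bug 888911.

```javascript
// Added illustration; all policy parameters are assumed, not Firefox OS values.

// Delay in seconds imposed before the next attempt, given the number of
// consecutive failures so far. The first `free` failures carry no delay,
// then the delay doubles each time, up to an optional cap.
function lockoutDelay(failures, { free = 3, baseSec = 30, capSec = Infinity } = {}) {
  if (failures < free) return 0;
  return Math.min(baseSec * 2 ** (failures - free), capSec);
}

// Number of guesses possible within budgetSec when every guess fails.
// wipeAfter = null models lockout only; a number models "wipe after N tries",
// after which no further guesses are possible.
function guessesWithin(budgetSec, policy = {}, wipeAfter = null) {
  let elapsed = 0;
  let guesses = 0;
  while (wipeAfter === null || guesses < wipeAfter) {
    const wait = lockoutDelay(guesses, policy);
    if (elapsed + wait > budgetSec) break; // next attempt falls outside the budget
    elapsed += wait;
    guesses += 1;
  }
  return guesses;
}

// Chance that a uniformly random secret from `keyspace` is among the guesses.
function successProbability(guesses, keyspace) {
  return Math.min(guesses / keyspace, 1);
}

const HOUR = 3600;
const MONTH = 30 * 24 * HOUR;
const PIN_SPACE = 10000; // 4-digit PIN

for (const [label, policy, wipeAfter] of [
  ['exponential lockout only', {}, null],
  ['lockout + wipe after 10', {}, 10],
  ['lockout capped at 1 hour', { capSec: HOUR }, null],
]) {
  const n = guessesWithin(MONTH, policy, wipeAfter);
  console.log(`${label}: ${n} guesses in 30 days, ` +
              `P(success) = ${successProbability(n, PIN_SPACE)}`);
}
```

Under these assumed parameters, uncapped exponential lockout allows 19 guesses in 30 days against 10 with the wipe, so the wipe changes little. The wipe limit only matters when the lockout delay is capped, where the same month allows 728 guesses.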
Vishy, does this type of scenario get addressed in WIMF?
Flags: needinfo?(bhuang) → needinfo?(vkrishnamoorthy)
Bruce, it does. There is a complete UX and technical design for remote wipe as part of the Where Is My Fox flow. For this reason, I am Resolving this as Invalid since this particular design is not the way remote wipe works (or should work), and because it is superseded by a more complete feature.
Status: NEW → RESOLVED
Closed: 11 years ago
Flags: needinfo?(vkrishnamoorthy)
Resolution: --- → INVALID
Reopening this bug as I feel that there is a use case that is not covered by WMF and remote wipe.
Here's the rationale for reopening the bug:

WMF and Remote wipe will address the use case presented in comment#0 only if
a) the user has enabled WMF
b) there is a network connection to the device to initiate remote wipe.

If either a) or a+b) is not true, then remote wipe will not work.

As pauljt mentions in comment#9, it could be a low priority feature given that it is now harder to brute force the password.
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Vishy, I disagree. The bug as stated is specifically to wipe the phone after 10 attempts. That is not a feature UX will agree to build, nor how remote wipe is designed for WIMF. 

The issue you describe is a new issue that needs to be addressed, but that will not be solved in the manner of the feature described here. This bug, as stated originally, will not be implemented and thus should be closed. 

If there is a new use case, as you mention, that should be addressed as part of WIMF (as we discussed in IRC earlier), then that deserves to be a new bug after it is also addressed through additions to the WIMF specs. Bugs that evolve from one explanation to another, and have a misleading title as this one would, can cause a great deal of confusion and issues in implementation. 

Flagging Doug for his input as well.
Flags: needinfo?(doug.turner)
(In reply to Stephany Wilkes from comment #11)
> Bruce, it does. There is a complete UX and technical design for remote wipe
> as part of the Where Is My Fox flow. For this reason, I am Resolving this as
> Invalid since this particular design is not the way remote wipe works (or
> should work), and because it is superseded by a more complete feature.

This has potential to be a valid security control and is a somewhat common requirement in a corporate security environment, so I don't think we should just close it (at least not without at least creating an alternative bug to track this). But as per comment 5 and comment 9, this really is a pretty low priority, and needs more than a few pieces to be in place before it is safe or useful (strong backup story, support for secure data wipe).
Not sure this is a WIMF thing, instead it is a general security feature of gaia, right?
Flags: needinfo?(dougt)
Firefox OS is not being worked on.
Status: REOPENED → RESOLVED
Closed: 11 years ago → 6 years ago
Resolution: --- → WONTFIX