Feature Request: Data wipe after multiple failed password attempts #1749
Description
Deleting app data after multiple incorrect password entries.
This is a great app, and using a custom password as an alternative to device biometrics is an excellent differentiator compared to other OTP apps. However, currently, the password can be entered indefinitely. If an attacker gains access to the device, this allows them to eventually guess the password, access the codes, and export them.
"Must have" solution:
I suggest implementing a security feature (with an enable/disable option in Settings) where several failed attempts trigger a wipe of all accounts stored in the app.
"Nice to have" solution:
As an intermediate step before the final wipe, you could also implement a 'lockout' period - disabling further attempts for a set duration (e.g., several minutes) - with the full data reset occurring only after a higher number of failed attempts.