Extra Password for the app-unlock process

Hi folks!

I use Cryptomator on iOS devices. I use different very long passwords in each of the vaults and so I’ve switched to TouchID.

  1. Is it possible to unlock the app with another, separate code (about 4-8 digits), like the app “MiniKeePass”?
  2. And if the unlock code is wrong, the vault links should be deleted after 3-5 incorrect entries (for example).

So that would be great!

Thanks a lot,
Wile

Hi.

You can use TouchID for accessing the vaults without entering long passwords every time you want to unlock them.

If you have a vault mounted, go to Settings -> Touch ID and just activate the general function, and for each vault set your password once. This also enables you to use your fingerprint for different vaults with different passwords. Passwords are stored safely in the Apple keychain.

Hello Michael!

Yes, I know that and I use TouchID to unlock the safe. But TouchID is not as safe as it seems. Or what about state controls? That’s why an (optional) additional unlock code for the app itself would be great, and also a deletion function in case of failed attempts.

Thanks,
Wile

Hi, I would appreciate an easy 4-digit unlock as well.

PS: Security for me is: not storing the fingerprint at all, especially not on an Android/ iOS device.

But I would like to have a 16 char password for my cloud storage and a 4-6 char pw for the access app on my local device. 16 char for a simple login is awkward.

In my opinion, I think the Cryptomator team should implement this “password to unlock the app with a PIN” function. After all, the app is not free and should be further developed. Also, many tablets do not have fingerprint support, so using Cryptomator is nearly impossible if you keep to good practice and have a strong password (which generally is long and not easy to remember).

I’d also like to request this. I just bought the app on the Play Store, and I’m quite disappointed to see it doesn’t have this feature. It’s pretty standard practice in most privacy/security-related apps to have a PIN option, so our random 20-character encryption passphrases don’t need to be entered every time. LastPass, Authy, Boxcryptor, etc. all have PINs.

Please consider it! :slight_smile:

As we know, the master password is very clunky on a mobile device due to its length, small keys on mobile, and swiping being disabled during password entry. The Cryptomator mobile app (at least on Android) provides a great alternative of biometrics (typically fingerprint) to unlock. That’s great, but maybe not ideal, for two reasons:

  1. Biometrics (fingerprint) is the same method used to unlock my Android phone. If someone can somehow figure out a way past the fingerprint to get into my phone (either a software trick or a stolen fingerprint through social engineering), then they can also get right into my Cryptomator vaults. Two barriers in series of the same type (biometrics) don’t really add protection. Diverse barriers are much preferred.
  2. Also, for those concerned about law enforcement: law enforcement can generally compel biometrics, but they cannot compel PINs and passwords (or at a minimum you can plausibly claim they are forgotten).

The PIN solves all of these problems. PINs don’t have a lot of entropy per character, but you don’t really need that, as long as you simply log the user out of the vault after a certain number of incorrect PIN attempts (requiring the master password to get back in after too many incorrect PIN attempts). The Bitwarden mobile app does that: they allow 5 incorrect PIN attempts and allow the user to choose the PIN length. That means even with a 4-digit PIN the attacker has only a 1/2000 chance of guessing the PIN before getting logged out. A four- or six-digit PIN doesn’t take much more time to enter than a fingerprint (the large keys on the numeric PIN entry screen are much easier than the tiny keys on the alphabetic keyboard), but it is arguably much more secure than biometrics since it represents a different challenge method than the one that unlocks your phone. And if you’re concerned about law enforcement, they can’t compel you to remember a PIN.

As an alternative to a per-vault PIN, it could be an app PIN (you can’t even open the app without a PIN). Whichever is easier to implement, as far as I’m concerned. [EDIT: now that I’ve written that, I’m recalling there may be other ways to set a PIN on Android apps… I’m going to look into that and will report my results back.]

I realize I could use a PIN for my Android phone to get the diverse barriers I’m after, but I unlock my phone far more times during a day than I do my Cryptomator vault, so I’d rather keep the phone as fingerprint unlock and put the PIN on Cryptomator.

That’s just a thought. I searched and didn’t find a similar suggestion (I apologize if this is a duplicate).

Cryptomator is some great software btw. I’m definitely making good use of it. Thanks to all those who make it possible.

1 Like
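The lockout scheme argued for in the post above, modelled as an added example (not Cryptomator's or Bitwarden's code): an app-level PIN gate that allows a fixed number of wrong PIN entries, then refuses the PIN until the master password is supplied, plus the probability calculation behind the "1/2000" figure. The PIN and master-password values, the PBKDF2 parameters and the plain string comparison for the master password are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from fractions import Fraction

MAX_ATTEMPTS = 5  # the Bitwarden-style limit quoted in the post


def guess_probability(pin_digits: int, attempts: int = MAX_ATTEMPTS) -> Fraction:
    """Chance that uniform guessing hits a numeric PIN within the allowed attempts."""
    return Fraction(attempts, 10 ** pin_digits)


class PinGate:
    """App-level PIN in front of a vault; too many failures fall back to the master password."""

    def __init__(self, pin: str, master_password: str, max_attempts: int = MAX_ATTEMPTS):
        if not pin.isdigit() or not 4 <= len(pin) <= 8:
            raise ValueError("PIN must be 4-8 digits")
        self._salt = os.urandom(16)
        self._pin_hash = self._derive(pin)          # never keep the PIN itself
        self._master = master_password               # stand-in for the real vault KDF check
        self._max = max_attempts
        self._failures = 0
        self.locked_out = False

    def _derive(self, secret: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), self._salt, 100_000)

    def unlock_with_pin(self, pin: str) -> str:
        if self.locked_out:
            return "locked: master password required"
        if hmac.compare_digest(self._derive(pin), self._pin_hash):
            self._failures = 0
            return "unlocked"
        self._failures += 1
        if self._failures >= self._max:
            self.locked_out = True                   # PIN path closed until master password
            return "locked: master password required"
        return f"wrong pin ({self._max - self._failures} attempts left)"

    def unlock_with_master(self, password: str) -> str:
        if hmac.compare_digest(password.encode(), self._master.encode()):
            self._failures = 0
            self.locked_out = False                  # re-arm the PIN after a successful unlock
            return "unlocked"
        return "wrong master password"
```

With a 4-digit PIN and five attempts, `guess_probability(4)` evaluates to 5/10000 = 1/2000, matching the post's figure; a six-digit PIN brings it down to 1/200000.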

I followed up to look for a trustworthy app lock app for Android. Among all the options on the Play Store, the most trustworthy name to me seems to be Norton App Lock (Norton is, after all, a publicly traded Fortune 500 company specializing in security). It’s a free app that does only app locking; inside the app they advertise other Norton services/apps to download, but they don’t force them on you.

The Norton App Lock app requests permissions for:

  1. Device Administrator
  2. Accessibility Services
  3. Draw over other apps
  4. Internet permissions (standard for all apps)
  5. Camera, contacts, phone, storage.

The app won’t work if you deny permission 2 or 3. All the other permissions can be denied/restricted and the app still works (I’d recommend enabling 1 along with 2 and 3, but no others).

Device administrator permission (1) might sound scarier than accessibility services permission (2), but it’s actually the other way around (at least in terms of potential for abuse… accessibility services is a lot worse).

Device administrator permission (1) is used by Norton to help prevent the app from being uninstalled, and in general administrator access can only be used to apply restrictions / policies, but not for spying type activities.

Accessibility services permission (2) is used by the Norton app to help do its function, but in general accessibility services could be used to see everything you do on your phone and to control your phone as if the app developer were holding it in their own hands (it’s a scary permission; be careful with it).

Draw over other apps permission (3) helps Norton App Lock hide the newly launched app, and in general could be used for deception to hide warnings or trick you into tapping something you shouldn’t.

Permissions 2 and 3 are intrusive and abuse-able, but again Norton seems trustworthy.

Regarding “permission” 4 (internet access), I disabled internet access for the Norton app (via Netguard) and the Norton app seems to work fine without accessing the internet.

Regarding the permissions on 5 (Camera, contacts, phone, storage.), I did not grant any of them and the app works fine.

You can set the app up for pin (up to 4 digits) or pattern (not as secure) or biometrics or some combination. I set it up for PIN only. Within the Norton app you select the other apps which will be protected by PIN (they will all be protected by the same PIN). You can set up so that once a pin is entered for an app, you can freely keep going into that app up until the next screen off (after which time you have to enter PIN again).

One thing I don’t know (I’m really curious) is how many incorrect attempts would result in lockout. EDIT: an experiment showed that after 5 incorrect entries I have to wait 60 seconds before further PIN entries can be attempted.

When you launch a protected app and the PIN screen appears, it plainly says Norton App Lock on that screen (I think that’s a Google requirement), so an attacker is going to know what app is causing the PIN lock and therefore he’ll know he has to remove Norton to gain access to his target app. Norton advises including the Settings app as PIN protected so the attacker can’t get to that (presumably to disable admin access). BUT on my Samsung phone the Settings app is not reliably protected by the Norton PIN (it’s intermittent; sometimes I can get all the way in to disable Norton’s admin permission). All the other apps I tried are reliably/consistently protected by the Norton PIN. Maybe there is something unique about the Samsung Settings app that causes this behavior.

On my phone the Norton app is now set up to PIN-protect the following apps: Norton (itself), Settings, Cryptomator, Google Play, file managers, my TOTP app, and my more critical browser (I already segregate my activities among browsers anyway). It’s all the same PIN, so locking more apps doesn’t mean you have to remember more PINs. Arguably my email, text messages, and phone apps are just as important, but I access email/text/phone so often that it would be too inconvenient to PIN-protect those.

I don’t think a separate Android PIN-lock app is as good as a PIN built into the app (it means we have to trust another app, and it has some potential weaknesses, like in my case the Settings app vulnerability). But in the absence of a PIN lock built into the app, it’ll have to do.

I looked for open source options too. The only open source one I found was AppLock on F-Droid, but that appears not to be current/maintained, so I didn’t bother with that.