Thanks for your suggestion. I understand why, in a multi-platform, web-based environment, we shouldn’t implement the “delete after N attempts”. But in our use case, the sync gateway is running on an intranet and only accessible through the few devices that are allowed to log in.
The fear of the user losing all its data is not worrying me a lot because:
- The mechanism should only delete the database locally and not trigger the deletion of the documents on the remote Sync gateway.
- All of our users are professionals using our app as a professional tool and they shouldn’t forget their password, nor should they risk losing local data (they would be warned before attempting the N-1 or N-3 attempt).
The major reason why we would like this “N attempt” mechanism is to prevent someone from trying to brute-force a stolen device (because devices might be stolen, it’s a real risk).
But you have a point when saying some malicious user could delete local data by forcing the “N attempt”.
I will have to see what we fear the most: deletion of non-synced documents or brute-forcing the credentials (when I say “brute-forcing” it could only be someone trying the 10 most common passwords and successfully entering the app). But that’s something I need to discuss with my team.
Thanks for pointing this out.