inccorectPasscodeAttempts value not persisted between app launches

[le4ker]

Hi,

This bug allows to brute force the passcode lock by quitting the app before reaching the maximum attempts limit and then opening the app again.

A solution could be to store the value in the NSUserDefaults or the Keychain.

[ziogaschr]

This is correct. Although I think the intention of @yankodimitrov was to leave this implementation detail to the implementors.

There are many reasons for doing this. Think of an app that requires this key to be stored in Keychain and also to be fully encrypted when phone is locked. You can always argue that this request doesn't expose any risk, but some apps might need to follow some privacy rules, that storing this value will limit them.

There are many such modules that can fit perfect to this project as additional plugins. Examples are:

• Store PIN to Keychain
• Store PIN to NSUserDefaults
• Store maximum attempts limit reached...
• Add PIN time expiry
• Add auto-handling of showing the PIN Lock view when app moves to foreground
• Add Splash view
• Add themes for .xib

That way someone can use only what he needs for his project easily. It will be nice if we can make a call altogether and go this awesome project a step further.

[le4ker]

This is correct. Although I think the intention of @yankodimitrov was to leave this implementation detail to the implementors.

It's not mentioned in the readme file, which makes it dangerous 😞 Also, how can you implement the persisted behavior to this member since it's private?

It will be nice if we can make a call altogether and go this awesome project a step further.

Totally agree on that! And we can start by mentioning this behavior in the readme file.