Question Details

No question body available.

Tags

architecture security android android-development passwords

Answers (2)

Accepted Answer
June 21, 2025 Score: 5 Rep: 84,846 Quality: High Completeness: 20%

I think the standard approach here is to have a recovery key that the user stores "in a safe place".

The key is much longer than a password and presumably harder to crack. You rely on the user writing this key down somewhere and it's up to them to keep it safe.

In reality people rarely store these and can't find them when they need them.

Current password managers on mobiles just use the unlock screen for security; you would have to ask if the extra password adds more security to this or not.

For example, if you email the recovery key to the user you are adding an attack vector. If an attacker gets your phone and can open it, but is blocked by the extra password on your password safe, they can probably still open the user's emails from the device and find the recovery key, hence giving them access to the password safe.

June 22, 2025 Score: 1 Rep: 111 Quality: Low Completeness: 40%

I see two potential issues with the email-based recovery idea right off the bat:

  1. How exactly is recovery initiated? It seems the user either needs an additional password/credential to access an online service which generates recovery tokens, or it becomes possible for someone other than the user to initiate recovery (which is clearly Bad News if the user's device has been stolen).
  2. How does the app determine that a given recovery token is legit? You could have the app verify a digital signature from the recovery service (baked into the token), but then you would need a "revocation" mechanism to protect app users in the event that someone cracks or steals the service's private key - as well as a mechanism to publish/push updates to the service's public key at regular intervals.
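
The app-side check from point 2 above, as an added example that is not part of either answer: the app looks up the signing key by ID (so keys can be rotated), refuses revoked keys, then checks the signature and the token's claims. The token layout, the choice of Ed25519, the device binding, the expiry field and all names here are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Token is a hypothetical recovery token; this field layout is an assumption.
type Token struct {
	KeyID, Device string // signing-key ID (enables rotation) and target device
	Expires       int64  // Unix seconds
	Sig           []byte
}

// payload is the signed byte string; %q quoting keeps field boundaries unambiguous.
func payload(t Token) []byte {
	return []byte(fmt.Sprintf("recovery-v1|%q|%q|%d", t.KeyID, t.Device, t.Expires))
}

// Verify is the app side: key status first, then the signature, then the claims.
func Verify(keys map[string]ed25519.PublicKey, revoked map[string]bool, t Token, device string, now int64) error {
	pub, known := keys[t.KeyID]
	switch {
	case !known || revoked[t.KeyID]:
		return errors.New("signing key unknown or revoked")
	case !ed25519.Verify(pub, payload(t), t.Sig):
		return errors.New("bad signature")
	case t.Device != device || now >= t.Expires:
		return errors.New("expired or issued for another device")
	}
	return nil
}

// Demo runs constructed cases: valid, wrong device, expired, edited expiry, revoked key.
func Demo() (r [5]error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	keys, revoked := map[string]ed25519.PublicKey{"k1": pub}, map[string]bool{}
	check := func(t Token, dev string, now int64) error { return Verify(keys, revoked, t, dev, now) }
	tok := Token{KeyID: "k1", Device: "dev-A", Expires: 2000}
	tok.Sig = ed25519.Sign(priv, payload(tok)) // service side: sign the claims
	edited := Token{KeyID: "k1", Device: "dev-A", Expires: 9000, Sig: tok.Sig} // lifetime changed, old signature
	r[0], r[1] = check(tok, "dev-A", 1000), check(tok, "dev-B", 1000)
	r[2], r[3] = check(tok, "dev-A", 2000), check(edited, "dev-A", 1000)
	revoked["k1"] = true // revocation list updated after the service key is reported stolen
	r[4] = check(tok, "dev-A", 1000)
	return r
}

func main() { fmt.Println(Demo()) }
```

The last case shows why the revocation list matters: a token that verified a moment earlier is refused once its signing key is marked revoked, even though its signature is still mathematically valid.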