Obi Public Docs
  • FOR USERS
    • Quickstart: Using Obi
  • FOR BUILDERS
    • Obi: Cross-Chain Account and User Management
    • Dev Quickstart: Connecting Your App
    • Dev Quickstart: Building Multi-Chain Apps
    • πŸ”΅The Obi Smart Account Suite
      • πŸ”’Multikey
        • 🎣Preventing Phishing
        • πŸ“²SMS and Other Web2 Providers
        • πŸ’•Final Recovery
      • πŸ”Signet
        • Draft Signet Whitepaper
      • πŸ’•Extra Life
      • πŸ€–Automatons
      • ⏳Sessions
        • Threshold Escalation
      • πŸ§™β€β™‚οΈParty Members
        • Allowances: Hot Wallets, Budgets, and Subscriptions
        • Allow/Block/Delay Lists
      • 🧩Obi Stack Overview
      • β›½Gasless UX
      • πŸ”General Obi Features
      • πŸ“œSmart Account Design Philosophy
      • πŸ—οΈSmart Contract Architecture & Flow
    • πŸ›£οΈRoadmap: Upcoming Features
      • πŸ”§Duress Mode
      • πŸ“³Security Notifications and Lockdowns
      • βœ‹Global Transaction Limit (Sanity Limit)
      • 🌐Obi Service Providers
        • Incentivizing Service Providers
    • πŸ₯‡Obi's Unique Advantages
    • πŸ”’Multikey Attack & Loss Vectors
      • Passkey
      • Cloud Key
      • SMS Key
      • Telegram Key
      • WhatsApp Key
      • Social Recovery Key
      • Email Recovery Key
      • Ledger Hardware Key
      • Map Points Key
      • NFC Key
      • Major 2 Key Loss Vectors and Mitigations
      • Major 2 Key Attack Vectors and Mitigations
      • β€œUnlocked Obi Theft” Attack
  • Glossary
Powered by GitBook
On this page
  1. FOR BUILDERS
  2. Roadmap: Upcoming Features

Duress Mode

(not yet implemented in production)

The most effective attack, the β€œwrench attack”, involves physically or otherwise coercing the user to sign a transaction, such as transferring funds, or full account ownership. No amount of secure system design can prevent this attack. Except, that is, a duress mode.

By inputting an alternate pin code, using an alternate voice authentication phrase, or using an alternate security answer, the user can activate duress mode.

This unlocks a different account with minimal value. It can optionally also alert the user’s set emergency contacts or other parties.

This is comprehensive, automatic, customizable wrench attack protection.

(Note that if the user’s account address is already known by the attacker, this may be unconvincing. Even this eventuality may be mitigated in the future.)

PreviousRoadmap: Upcoming FeaturesNextSecurity Notifications and Lockdowns

Last updated 1 year ago

πŸ›£οΈ
πŸ”§