Sentry VS pam-duress

You will need to set the app as device owner using the adb shell and for this to work you must first log out of connected accounts as described here: https://github.com/x13a/Sentry/issues/16

You can use "Sentry" to determine a number of login attempts after which a factory reset occurs: https://github.com/x13a/Sentry

Sentry: Enforce security policies

On Linux, there’s pam-duress: https://github.com/nuvious/pam-duress

Multi-step timeout would be a good alternative, especially for mobile. For desktop, I have this awesome PAM set up to remove everything associated with my regular user account.

It's actually quite simple and readily available with PAM duress [0] (at least on Linux, I'm not sure about PAM on Mac). It was also discussed here already [1]. Still, you should consider that doing so might not work in your favor.

[0] https://github.com/nuvious/pam-duress

[1] https://news.ycombinator.com/item?id=28267975

# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 inherit pam toolchain-funcs VER_COMMIT="04e607f9ab674c8dbbf27ea8bb59158178a72f69" DESCRIPTION="A PAM module enabling special 'duress' passwords that will execute arbitrary scripts" HOMEPAGE="https://github.com/nuvious/pam-duress" SRC_URI="https://github.com/nuvious/${PN}/archive/${VER_COMMIT}.tar.gz -> ${P}.tar.gz" LICENSE="LGPL-3" SLOT="0" KEYWORDS="~amd64" IUSE="debug" DEPENDS="dev-libs/openssl sys-libs/pam" RDEPENDS="${DEPENDS}" S="${WORKDIR}/pam-duress-${VER_COMMIT}" src_prepare() { default sed -e "/^CC :=/s|:= .*|:= $(tc-getCC)|" -e "/^CFLAGS :=/s|-O2|${CFLAGS}|" \ -i Makefile || die } src_compile() { emake $(use debug && echo "debug") } src_install() { dobin bin/duress_sign dobin bin/pam_test dopammod bin/pam_duress.so einstalldocs }

Using https://github.com/xmidt-org/dms & https://github.com/nuvious/pam-duress to shred LUKS headers: https://www.buskill.in/luks-self-destruct/

maybe https://github.com/nuvious/pam-duress

This repo gives you one such tool. It triggers a script when a specific password is used, and can then hand over control to the usual unlocking process or not (as you asked for). The script is whatever you want: taking a pic, maybe transmit it over the internet, possibly including live video, audio and location, distress message, etc. The script can also erase the app, itself and the log entries, then unlocking as if nothing had happend. A downside is that, at least from the repo description and instructions, the Duress action triggers on specific user and password, not on anything but the correct combination. Still, you asked for specific user and password.

So far, I've only come across one solution for Linux, called PAM Duress. It executes a script when you log in, so you'd probably need to add some actions that make the files unavailable. I haven't used it myself, as I'm a Windows user.