PasscodeManager allows unlimited passcode attempts with no rate limiting or lockout mechanism. A 4-digit passcode has only 10,000 possible combinations and can be brute-forced trivially. There is no tracking of failed attempts, no delay between retries, and no account lockout after repeated failures.
The library should support configurable brute-force protection with attempt limits, progressive lockout durations, and persistence of failed attempt state across app restarts.
PasscodeManager allows unlimited passcode attempts with no rate limiting or lockout mechanism. A 4-digit passcode has only 10,000 possible combinations and can be brute-forced trivially. There is no tracking of failed attempts, no delay between retries, and no account lockout after repeated failures.
The library should support configurable brute-force protection with attempt limits, progressive lockout durations, and persistence of failed attempt state across app restarts.