Admin Password & Restrictions
Admin password protection prevents unauthorized users from performing sensitive actions in the taximeter app.
Available for both iOS and Android app versions.
What Gets Protected
When admin password is enabled:
- Trip deletion - Requires password to delete any trip from history
Future updates may add protection for additional actions.
Setting Up Password
- Open Advanced Settings
- Tap Admin Password row (shows “No restrictions”)
- Enter password (minimum 6 characters)
- Tap Save Password
Password is now active. The Admin row displays “Restrictions: Trip deletion”.
Using Protected Features
When you attempt to delete a trip:
- Password dialog appears
- Enter your password
- Shows “Attempt X of 3” counter
- If correct: trip is deleted
- If incorrect: error message shows remaining attempts
Important: Every password attempt is logged with timestamp and cannot be deleted.
Attempt Limits & Lockout
3-Attempt System
- Attempts 1-2: Shows error, allows retry
- Attempt 3: Triggers lockout if incorrect
Escalating Lockout Duration
Each time you hit 3 failed attempts, lockout duration increases:
| Event | Duration |
|---|---|
| 1st lockout | 5 minutes |
| 2nd lockout | 30 minutes |
| 3rd lockout | 2 hours |
| 4th lockout | 8 hours |
| 5+ lockouts | 24 hours |
Successful password entry resets everything - both attempt counter and lockout event counter.
Lockout Timer Reset
After 24 hours of no failed attempts, the lockout event counter resets to zero. ⚠️ Requires internet connection - the app validates time using network time servers to prevent manipulation.
Warning Indicator
A ⚠️ warning icon appears in the Admin section header when there are failed password attempts that haven’t been reviewed.
The warning clears when you successfully access Admin settings, indicating you’ve reviewed the attempt log.
Viewing Attempt Log
Access Admin Password settings to view:
- Last 10 password attempts
- Timestamp for each attempt
- Success (✓) or failure (✗) indicator
- Context (delete trip, access settings, etc.)
- Summary: “X successful, Y failed attempts”
Note: Attempt log cannot be cleared - it serves as a permanent audit trail for security.
Changing or Removing Password
To change password:
- Access Admin Password settings (requires current password)
- Enter new password
- Tap Save Password
To remove password:
- Access Admin Password settings (requires current password)
- Tap Remove Password
- Confirm removal
Removing the password disables all restrictions.
Security Notes
- Password is hashed (SHA256) and encrypted - not stored as plain text
- Lockout timer uses system time that cannot be bypassed by changing device clock
- Failed attempts cannot be hidden or deleted
- After 24 hours with no issues (and internet access), escalation resets
Backup and Restore
This section explains what to do as an administrator after re-installing the app or restoring a device from backup where the admin password was set.
App reinstall (same device)
- iOS: Password cleared. Set up again.
- Android: Password cleared. Set up again.
Same device restore
- iOS: Password restored ✅
- Android: Password lost (keystore cleared). Set up again.
New device migration
- iOS: Password restored ✅
- Android: Password lost (keystore not transferred). Set up again.
Troubleshooting
Locked out and can’t remember password?
Wait for lockout to expire. Consider re-installing the app if password is permanently lost (will erase all app data).
Warning icon won’t go away?
Successfully access Admin settings to clear the indicator.
Internet required message?
Internet is only needed for the 24-hour escalation counter reset.
Short-term lockouts (5min-24h) work completely offline and are immune to time manipulation attacks (uses monotonic clock that cannot be changed by modifying device date/time).
Related
- Quotes - Create professional fare estimates for customers
- Fare Calculator - Estimate fares between addresses
- Receipt Printing - Print professional receipts directly from the app
