Skip to content

Destructive Passwords

Overview

Because Passwords doesn’t use a traditional user‑login system where a user account would normally determine what actions are allowed, it becomes important to offer an optional safeguard against accidental or unauthorized data loss. This matters most when the application is being used to store multiple users’ passwords in the same database.

That’s where destructive passwords come in. A destructive password is an optional, extra layer of protection you can add to your database. Whenever an action could lead to data being removed or permanently altered, a destructive password must be entered before the operation can continue. This ensures that sensitive or irreversible actions only happen when you explicitly intend them to, reducing the risk of accidental deletion or silent misuse.

You can add as many destructive passwords as you need, but only one of them is required to authorize destructive actions. Users who don’t have a destructive password can still access and use the database normally, they just won’t be able to perform any operation that deletes data.

Setting a destructive password

Setting a destructive password has to be done out‑of‑band because the application itself is designed to avoid any built‑in mechanism that could silently elevate privileges or allow someone to grant themselves deletion rights from inside the user interface. By requiring this step to happen outside the app through a controlled, deliberate action like editing the database directly you ensure that only someone with explicit access to the underlying data store can enable destructive operations. This separation reduces the risk of accidental activation, prevents misuse by regular users, and keeps the boundary between everyday usage and high‑risk actions.

Linux
#calculate the sha256sum of the new destructive password
#replacing <password> with your new password
echo -n "<password>" | sha256sum
dd81ca61fb57a4ff454c1cf89335a1f5e96afa849dfad4e0116b6ec35309fdea -

#insert the destructive password
#please note the name destructive_operation_password_1.
#the number on the end should be incremented for each destructive password
sqlite3 <database> \
  "INSERT INTO app_info (key, value) VALUES ('destructive_operation_password_1', 'e78b19251d4a3f3146982013542ac75544d5afe6e853dd3ac9b25b1a7ff53a53');"
Windows PowerShell
$password = "<password>"; `
$hash = -join (([System.Security.Cryptography.SHA256]::Create()).ComputeHash([System.Text.Encoding]::UTF8.GetBytes($password)) | ForEach-Object { $_.ToString("x2") }); `
sqlite3.exe <database> "INSERT INTO app_info (key, value) VALUES ('destructive_operation_password_1', '$hash');"

In both instances, the can be obtained from Help.. System Information in the Standard Paths section.