L Loach Docs
Ctrl K

App lock

App lock is an optional credential gate that runs before any chat data hydrates. Configure it in Settings → Security.

PIN, password, or both

You can require any of:

An optional plaintext hint can be stored alongside, so you have something to read after a failed unlock. The hint is plaintext on purpose — if it were encrypted with the password, you would need the password to see the hint, which defeats the point.

How credentials are stored

Loach never writes the PIN or password to disk in plaintext, and never stores them in the SQLite database. The lock blob — a salted hash produced by a modern password hashing function — lives in the OS credential manager. On Windows that is Credential Manager; on Linux it is the Secret Service via your desktop’s keyring.

The lock screen

On launch, the lock screen fills the window until you authenticate. When both a PIN and a password are required, the PIN field is shown first. A wrong attempt clears the PIN field but keeps the password field, so you can fix a typo without retyping everything.

Rate limiting

After several consecutive failed unlocks the unlock command is refused for an escalating cool-off window — from tens of seconds up to a couple of hours after persistent failures. The counter resets on a successful unlock and on app restart.

Re-authentication for destructive actions

Even after you unlock the app, changing or removing the lock and the destructive Data management commands (Import, Wipe user data, Factory reset) ask for your current credentials again. This means a compromised renderer cannot silently disable the gate or trigger a wipe.

No recovery

Loach has no “forgot your PIN” flow on purpose. If you lose the credentials you set, the only path back in is a factory reset — which deletes your chats. Make sure your hint is enough.