Please have three distinct operations.
- Log in: Requires password and two-factor authentication. Identifies account and decrypts data.
- Decrypt: Requires password. Decrypts data.
- Unlock: Requires PIN or short password. Data already decrypted, merely allows access.
If Unlock fails a small number of times, or a suitable timeout has occurred, the decrypted data will be deleted, and a Decrypt operation will be required.