Why is Apple Watch authentication restricted to Secure Enclave Macs?
All Macs can use LocalAuthentication to authenticate with an Apple Watch regardless of whether they have a Secure Enclave, and keychain items can be created with a SecAccessControl that requires the watch. So why does 1Password require the Secure Enclave?
1Password Version: 7.7.BETA-1 (70700001)
Extension Version: Not Provided
OS Version: macOS 10.15.5 (19F101)
Sync Type: Not Provided
Comments
Yup, that's correct that LocalAuthentication is possible with Apple Watch on most 2013 or newer Macs. Unfortunately, SecAccessControl doesn't meet our security requirements for externally stored unlock secrets. If the keychain item is protected with SecAccessControl then you can still access that item with your Mac's login password.
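For readers who want to see the API the question and reply are talking about, here is an added Swift example (written for this page; it is not 1Password's code and nothing in it is from the original thread). It creates a keychain item whose SecAccessControl requires Apple Watch or the device passcode, then reads it back through an LAContext. The service and account names, the reason string and the secret are constructed placeholders. It only shows where the flags go; whether the login password also satisfies the item is exactly the point the reply above makes, and the code does not change that.

```swift
import Foundation
import Security
import LocalAuthentication

// Constructed placeholder identifiers (assumption: any service/account pair works).
let service = "com.example.unlock-secret"
let account = "vault-unlock"

/// Build the access-control object the thread discusses: the item only exists
/// while a passcode is set on this device, and using it requires Apple Watch
/// (macOS 10.15+) or the device passcode. Swap `.devicePasscode` for
/// `.biometryCurrentSet` etc. to experiment with other policies.
func makeAccessControl() throws -> SecAccessControl {
    var error: Unmanaged<CFError>?
    guard let acl = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        [.watch, .or, .devicePasscode],
        &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return acl
}

/// Store `secret` in the data-protection keychain under that access control.
/// kSecUseDataProtectionKeychain is what makes SecAccessControl apply on macOS;
/// the legacy file-based keychain ignores it.
func storeSecret(_ secret: Data) throws {
    let acl = try makeAccessControl()
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecUseDataProtectionKeychain as String: true,
    ]
    SecItemDelete(base as CFDictionary)            // replace any earlier copy
    var add = base
    add[kSecAttrAccessControl as String] = acl
    add[kSecValueData as String] = secret
    let status = SecItemAdd(add as CFDictionary, nil)
    guard status == errSecSuccess else {
        throw NSError(domain: NSOSStatusErrorDomain, code: Int(status), userInfo: nil)
    }
}

/// True when this Mac can currently authenticate with a paired, unlocked Apple Watch.
func watchAvailable() -> Bool {
    var error: NSError?
    return LAContext().canEvaluatePolicy(.deviceOwnerAuthenticationWithWatch, error: &error)
}

/// Read the item back. Passing an LAContext and allowing UI lets the system
/// prompt for whichever method the SecAccessControl permits.
func readSecret() throws -> Data {
    let context = LAContext()
    context.localizedReason = "Unlock the vault"   // constructed reason string
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecUseDataProtectionKeychain as String: true,
        kSecUseAuthenticationContext as String: context,
        kSecUseAuthenticationUI as String: kSecUseAuthenticationUIAllow,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    guard status == errSecSuccess, let data = result as? Data else {
        throw NSError(domain: NSOSStatusErrorDomain, code: Int(status), userInfo: nil)
    }
    return data
}

// Usage: store a constructed secret, then read it back with the prompt.
do {
    try storeSecret(Data("constructed-unlock-secret".utf8))
    print("watch policy available:", watchAvailable())
    let back = try readSecret()
    print("read back \(back.count) bytes")
} catch {
    print("keychain error:", error)
}
```

Run this in a signed app (the data-protection keychain and LocalAuthentication prompts need an app context, not a bare script) and watch which authentication methods the system dialog offers for the item; that is the quickest way to see the behaviour the reply above describes for yourself.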
You can? Argh, then what's the point of kSecAccessControlDevicePasscode >_<