Security Feature Proposal: PIN + TouchID Unlock
Hello,
My starting parameters are:
- I use a good master password even if the SEC-KEY exists (I don't want to switch to a short one)
- In iOS it is comfortable to use TouchID or FaceID, since you have to unlock 1Password more often
- I sometimes leave my iPhone in a locker when I do sports
- TouchID could be tricked -> For most of my information TouchID is secure enough for me, but not for password data.
Risk:
- If somebody tricks TouchID he is able to see all my passwords, but worse, he would have access to my AppleID
Proposal:
- Additional PIN which is asked if TouchID is used and 1 minute has passed since the last usage of 1Password. After 1 or 2 mistyped attempts you have to unlock with the master password again.
- This PIN could be used globally or only for items which are marked for it, or the other way around (only marked items are accessible without PIN)
Alternate Proposal:
- Put a "Temporarily disable TouchID" button on the lock screen, so I do not have to manually go to settings.
Bye
Random
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
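A small model of the unlock policy proposed in the post above, written as an added example (not 1Password code). The 60-second window, the two-failure limit, the per-item PIN marking and the fallback to the master password are the proposal's rules; the class and method names are assumptions.

```python
"""Model of the proposed TouchID + PIN unlock policy (added example).

Assumed rules, taken from the proposal:
- The master password always unlocks and clears any biometric lockout.
- TouchID alone unlocks if 1Password was used within RECENT_WINDOW seconds.
- Otherwise TouchID must be followed by the PIN; after MAX_PIN_FAILURES wrong
  PINs, biometric unlock is disabled until the master password is entered.
- Items marked as PIN-required always need the PIN when unlocked via TouchID.
"""
import hmac
from dataclasses import dataclass, field
from typing import Optional, Set

RECENT_WINDOW = 60.0      # seconds since last use before a PIN is demanded
MAX_PIN_FAILURES = 2      # wrong PINs tolerated before master-password fallback


@dataclass
class UnlockPolicy:
    pin: str                                    # stored PIN (constructed sample)
    pin_required_items: Set[str] = field(default_factory=set)
    last_used: float = float("-inf")            # time of last successful unlock
    pin_failures: int = 0
    biometric_locked: bool = False              # set after too many PIN failures

    def unlock_with_master_password(self, now: float) -> str:
        # The master password is the root credential: it resets the lockout state.
        self.pin_failures = 0
        self.biometric_locked = False
        self.last_used = now
        return "unlocked"

    def unlock_with_touch_id(self, now: float, item: str,
                             pin: Optional[str] = None) -> str:
        if self.biometric_locked:
            return "master_password_required"
        recent = (now - self.last_used) <= RECENT_WINDOW
        needs_pin = (not recent) or (item in self.pin_required_items)
        if not needs_pin:
            self.last_used = now
            return "unlocked"
        if pin is None:
            return "pin_required"
        # Constant-time comparison so response timing does not leak PIN digits.
        if hmac.compare_digest(pin.encode(), self.pin.encode()):
            self.pin_failures = 0
            self.last_used = now
            return "unlocked"
        self.pin_failures += 1
        if self.pin_failures >= MAX_PIN_FAILURES:
            self.biometric_locked = True
            return "master_password_required"
        return "pin_required"
```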
Comments
-
Thanks for the suggestion. We seem to be getting away from using PINs to protect 1Password data, but I'll pass it along to the team for consideration. :)
Ben
0 -
Thanks for the feedback. It should not be to protect data in terms like my master password or the Secret Key. It should be to protect against the TouchID security risk. Any other solution is okay too :-)
0 -
It should be to protect against the TouchID security risk.
The nice thing about Touch ID is that it is very difficult to hack and cannot be brute-forced (at least not in the lifetime of a human being). Someone would need physical access to your devices, a considerable amount of time (several days or weeks), and some sophisticated equipment (like prosthetics manufacturing equipment), along with a very high quality image of your finger prints, to even come close to being able to hack your Touch ID. In the extremely unlikely scenario that were to happen, you'd certainly have plenty of time to use Find My... to disable the phone and thus prevent unauthorized access.
To me, the extremely low odds of Touch ID being compromised (and I've seen no reports of that being done in the real world, despite hundreds of millions of Touch ID-equipped devices existing for years) suggests that the addition of a PIN would just add complexity and could be another opportunity for a user to forget their PIN and lose access to their data permanently.
0 -
Indeed. Very well put, @scottisloud. This isn't something that is currently on the radar but we may be able to re-evaluate down the road. :) Thanks!
Ben
0 -
Hi all,
I was a bit busy and completely forgot about this thread.
@scottisloud I do not want the PIN as a replacement if you have the master password already. I only want it as a second option with TouchID in case someone is stealing my iPhone. And it is possible to take my fingerprints, which are all over the device, make a replica and then log in. This does not take months. Sure, it is really unlikely and I can use Find My, but what if the criminal is faster -> then he has access to my Apple ID as well .... That's why I would at least block access to certain entries additionally with a PIN, which won't be necessary if you have the master password. It would be enough if 1Password would block local access in these cases.
Random greetings
0 -
Thank you for the update and for the clarification, understood :+1: :)
0 -
TouchID+PIN would also have some use in the scenario that someone physically takes your phone and forces your finger to open the phone and 1Password. Sure, they could threaten you to enter the PIN as well, but that would be another step.
0 -
This is my opinion and not speaking for AgileBits: but when you are at the point of rubber-hose cryptanalysis (and even just physically taking your phone and using your finger on Touch ID I consider to be the start of the sliding scale of rubber-hose cryptanalysis), there's no technical security measure that can protect against it. At that point you're weighing the options between either "give up the encryption key to encrypted material (as this is not a problem unique to 1Password, so I'm making it open-ended)" or "how willing am I to be maimed, injured, and/or killed to keep this material secret".
0