Security Feature Proposal: PIN + TouchID Unlock

edited September 2 in iOS

Hello,

My starting parameters are:

  • I use a good master password even if the SEC-KEY exists (I don't want to switch to a short one)
  • In iOS it is comfortable to use TouchID or FaceID, since you have to unlock 1Password more often
  • I sometimes leave my iPhone in a locker when I do sports
  • TouchID could be tricked -> For most of my information TouchID is secure enough for me, but not for password data.

Risk:

  • If somebody tricks TouchID, he is able to see all my passwords, but worse, he would have access to my AppleID

Proposal:

  • An additional PIN which is asked for if TouchID is used and it has been 1 minute since the last usage of 1Password. After 1 or 2 mistyped attempts you have to unlock with the master password again.
  • This PIN could be used globally or only for items which are marked for it, or the other way around (only marked items are accessible without the PIN)

Alternate Proposal:

  • Put a "Temporarily disable TouchID" button on the lock screen, so I do not have to manually go to settings.

Bye

Random
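The unlock flow proposed in the post above, modeled as a small state machine. This is an added example, not code from the post or from 1Password; the class and method names, the choice of two failed PIN attempts, and the rule that biometrics stay disabled until the next master-password unlock are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Next(Enum):
    UNLOCKED = "unlocked"
    NEED_PIN = "need_pin"
    NEED_MASTER_PASSWORD = "need_master_password"


@dataclass
class UnlockPolicy:  # hypothetical model, not a 1Password API
    pin_grace_seconds: float = 60.0  # "1 minute since last usage"
    max_pin_failures: int = 2        # proposal says "1 or 2"; 2 is assumed
    last_used: Optional[float] = None
    pin_failures: int = 0
    biometrics_allowed: bool = False  # only after a master-password unlock
    pin_pending: bool = False         # set once a biometric match succeeded

    def master_password_ok(self, now: float) -> Next:
        # Master password resets the failure counter and re-enables biometrics.
        self.pin_failures, self.pin_pending = 0, False
        self.biometrics_allowed, self.last_used = True, now
        return Next.UNLOCKED

    def biometric_ok(self, now: float) -> Next:
        if not self.biometrics_allowed:
            return Next.NEED_MASTER_PASSWORD
        if self.last_used is not None and now - self.last_used <= self.pin_grace_seconds:
            self.last_used = now
            return Next.UNLOCKED
        self.pin_pending = True  # idle too long: biometric alone is not enough
        return Next.NEED_PIN

    def pin_entered(self, correct: bool, now: float) -> Next:
        # `correct` is the result of a PIN check done elsewhere (assumed).
        if not self.pin_pending:
            return Next.NEED_MASTER_PASSWORD  # a PIN alone never unlocks
        if correct:
            self.pin_failures, self.pin_pending = 0, False
            self.last_used = now
            return Next.UNLOCKED
        self.pin_failures += 1
        if self.pin_failures >= self.max_pin_failures:
            self.biometrics_allowed = self.pin_pending = False
            return Next.NEED_MASTER_PASSWORD
        return Next.NEED_PIN
```

In this model the PIN is only ever a second step after a biometric match, so a forgotten PIN costs a master-password unlock rather than access to the data.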



Comments

  • BenBen AWS Team

    Team Member

    Hi @random_31731ec7aea

    Thanks for the suggestion. We seem to be getting away from using PINs to protect 1Password data, but I'll pass it along to the team for consideration. :)

    Ben

  • edited September 4

    Thanks for the feedback. It should not be to protect data in the way my master password or the Secret Key do. It should be to protect against the TouchID security risk. Any other solution is okay too :-)

  • edited September 4

    > It should be to protect against touchID security risk.

    The nice thing about Touch ID is that it is very difficult to hack and cannot be brute-forced (at least not in the lifetime of a human being). Someone would need physical access to your devices, a considerable amount of time (several days or weeks), and some sophisticated equipment (like prosthetics manufacturing equipment), along with a very high quality image of your fingerprints, to even come close to being able to hack your Touch ID. In the extremely unlikely scenario that were to happen, you'd certainly have plenty of time to use Find My... to disable the phone and thus prevent unauthorized access.

    To me, the extremely low odds of Touch ID being compromised (and I've seen no reports of that being done in the real world, despite hundreds of millions of Touch ID-equipped devices existing for years) suggest that the addition of a PIN would just add complexity and could be another opportunity for a user to forget their PIN and lose access to their data permanently.

  • BenBen AWS Team

    Team Member

    Indeed. Very well put, @scottisloud. This isn't something that is currently on the radar but we may be able to re-evaluate down the road. :) Thanks!

    Ben
