iOS PIN Security

I have meticulously read through discussion 98376/Pin Security (now closed), along with a couple others posts is all I could find, but I still am having trouble understanding what is being said. Most recent posts were back in 2018 and before.

Has anything changed since then?

I am out-of-trial and happily have an 1Password Account. But I am not, yet, using 1Password.

Backing up for a minute, I understand that iOS is a walled garden [ I'm guessing Android phones use a simple 1Password PIN (QUC) solution ]. AgileBits has masterfully leveraged Apple's iOS Keychain so as to offer PIN code for iOS 1Password users who do not wish to key strong Master password each time they open the app. My household will not use 1Password unless/until I create a PIN code.

I do not wish to delve further into iOS PIN security details.

OTOH, what I would kindly prefer (if reasonable and sensible, of course) :)

Can anyone of the AG Team confirm, maybe something like this:

"Yes, I know of one or more Team members that use iOS PIN codes on their personal 1Password accounts".

At this point, if 1Password Team member(s) are knowledgeably and confidently using iOS Keychain PIN code, I will choose to trust that it is (completely? sufficiently?) safe to use and move on.

Thank you.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • ag_anaag_ana 1Password Alumni

    Hi @suffice!

    AgileBits has masterfully leveraged Apple's iOS Keychain so as to offer PIN code for iOS 1Password users who do not wish to key strong Master password each time they open the app. My household will not use 1Password unless/until I create a PIN code.

    Is there any reason why your household would not simply use Touch ID or Face ID to unlock 1Password instead?

    About Touch ID security in 1Password for iOS

    In addition to being secure, it would be even quicker than entering a PIN code, if the goal is to unlock 1Password quickly (which sounds like the reason you are asking this).

  • sufficesuffice
    edited December 2021

    Thank you @ag_ana, for your response and on point suggestion. A very helpful article, too. Secure, Simple, Easy.

    Though the risks are small and the advantages are big, it comes down to firm reluctance to Biometrics. But then there are potential risks of jailbreaking and with PINs, too. The list goes on.

    Obviously, this is all at the subjective and personal level. Just wanted to think out loud a bit, and with other(s) input, hone my chosen solution.

    For now, I am re-visiting the use of random memorable 1Password Master Password (including the associated large-size hash). JGoldberg has so expertly written about this, along with his Password-Cracking challenge assessment and results. I have gone back-and-forth for a long time on this topic of passwords and entropy. Maybe this time I can internalize 'random memorable' for myself, and then convince other family as well.

    Also, I think it would be nice to see an Auto-Lock option of 4 hours.

  • ag_anaag_ana 1Password Alumni

    @suffice:

    For now, I am re-visiting the use of random memorable 1Password Master Password (including the associated large-size hash)

    For what it's worth, this is what I am using too :+1:

    Also, I think it would be nice to see an Auto-Lock option of 4 hours.

    Noted, thank you for the feedback!

  • @ag_ana:

    It is worth it. Thanks for mentioning that!

    I need to focus more on the large hash which I tend to forget.

  • ag_anaag_ana 1Password Alumni

    @suffice:

    Since we are on the topic, this article might also be useful:

    How to choose a good 1Password account password

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file