PIN unlock in the Browser Extension

What's the latest word on supporting PIN unlock in the browser?

As identified in other threads, unlocking 1pw on a Chromebook is less than ideal. The lack of fingerprint or PIN support is very frustrating. I've read that the Android app had added PIN support, but I tried the latest version 8.10.22 and found my Chromebook did not support it.

It's very disappointing to have seen years go by without this being addressed.


1Password Version: 8.10.22
Extension Version: 2.17.1
OS Version: Chromebook
Browser: Chrome

Comments

  • Hello @robert1p! 👋

    As far as I'm aware, the Chromebook doesn't support third-party apps having access to the fingerprint reader. The fingerprint reader is only used to unlock the Chromebook itself. But let me know if I have that wrong. 🙂

    What's the latest word on supporting PIN unlock in the browser?

    As far as I'm aware there aren't any plans to bring PIN unlock to 1Password in the browser. For other platforms, we use the apps to securely store the secret that unlocks 1Password in a secure location like the Secure Enclave on iOS and macOS devices. For a PIN code to unlock the 1Password extension on the Chromebook we'd have to store your account password unencrypted on disk which isn't secure.

    While your account password has to be at least 10 characters long, you can make it easier to type in by using memorable words: How to choose a good 1Password account password

    I hope that helps!

    -Dave

  • robert1p
    robert1p
    Community Member

    "As far as I'm aware there aren't any plans to bring PIN unlock to 1Password in the browser."

    What's it take to reconsider this?

    While my concern is with the lack of Chromebook support, I'm sure there are plenty of non-Chromebook users (i.e. pc, mac, etc.) that would benefit from being able to specify a unique PIN to access their 1Password Extension.

    Using "memorable words" is not a solution. I have no issue remembering or typing my 20+ character password. But I would prefer to avoid continually performing that exercise, when a PIN would meet our needs. Yes, I can extend the timeout .. at the cost of security, but I'd rather have the security plus the convenience of a PIN.

    It's easy to let someone access your device. It's much harder to remember to go lock 1password before you do so. A short timeout addresses that issue; but the lack of PIN support makes that less practical.

    What's the rationale for not providing better security?

  • @robert1p

    What's the rationale for not providing better security?

    A PIN code would compromise security here. When your 1Password account is unlocked your account password is required because it is the secret that decrypts your data. A PIN code cannot replace your account password for this purpose since it can't decrypt your data. To add a PIN code unlock feature, we would need to store your account password somewhere on your Chromebook and someone else might be able to find it and use it to decrypt and unlock 1Password.

    You can read more about 1Password's security model here: About the 1Password security model

    That being said, I've passed along your request to our product team. They'll consider the feasibility of adding such a feature to 1Password in the future. It's possible that the team can figure out an implementation that allows for PIN code unlock without compromising security. 🙂

    -Dave

    ref: PB-37748329

  • robert1p
    robert1p
    Community Member
    edited January 10

    Thanks for passing it along.

    I've read the security model, and for the record, a PIN does not compromise security. The PIN implementation simply requires the user to first unlock their data using their password. Once unlocked, the PIN allows quick access. If you logout, reboot, or incorrectly enter your PIN, you will then need to re-enter your password.

  • Thank you, I'll pass your comment along to the team. 🙂

    -Dave

This discussion has been closed.