Security implications when using TouchID with iOS Safari - "Use iOS keychain" has to be enabled

somainer
somainer
Community Member

per this post by Megan from AgileBits, in order to use Touch ID for 1Password access within Safari, one has to

have the 'Use iOS keychain' option enabled in Settings > Advanced. If you do not allow 1Password to store the Master Password in the iOS keychain, then when 1Password is closed in the background (as happens with inactive apps when iOS needs the memory), you will need to enter your Master Password when you open 1Password again.

Can AgileBits staff please explain the security implications of this?

1) If my Master Password is saved in the iOS keychain, doesn't that make it potentially vulnerable? How is it encrypted by iOS (and how does that security compare to what 1Password provides)? Can other apps access that info, etc?

2) I most definitely do NOT want my Master Password up in the cloud somewhere... If you can allay my concerns re question #1, what would i have to do within iOS (if anything) to ensure that my Master Password would not end up in iCloud Keychain?

Comments

  • Stephen_C
    Stephen_C
    Community Member

    There is already a lengthy discussion of this, with erudite contributions from AgileBits, in this forum. It's a lengthy thread but here is probably the best place to start in that thread.

    Stephen

  • MikeT
    edited October 2014

    Hi guys,

    @somainer, did Stephen's link help answer your questions?

    Here are the short answers for your questions:

    1) If my Master Password is saved in the iOS keychain, doesn't that make it potentially vulnerable? How is it encrypted by iOS (and how does that security compare to what 1Password provides)? Can other apps access that info, etc?

    No, your master password is first obstructed by 1Password and then it is encrypted by your device's hardware encryption key. It is only accessible by 1Password after the hardware device is unlocked first with the passcode. It is also rendered moot if an incorrect device passcode is entered and does not in fact leave your device because the data requires your device hardware's encryption key that does not exist elsewhere. If someone tries to capture the data and place it on a different device, it will not work because the hardware key does not match.

    2) I most definitely do NOT want my Master Password up in the cloud somewhere... If you can allay my concerns re question #1, what would i have to do within iOS (if anything) to ensure that my Master Password would not end up in iCloud Keychain?

    Your master password does not leave the device in any situations. iCloud Keychain is not the same thing as the iOS keychain, iCloud Keychain is just a service Apple provides that uses your iOS and OS X keychains to store data in and sync it across but iCloud keychain does not contain all of the data inside iOS keychain, especially 1Password.

  • somainer
    somainer
    Community Member
    edited October 2014

    @Stephen_C‌ thanks for sharing the link

    @MikeT thanks for your comments that reinforce the ideas discussed in the other thread and further clarifying in your post how it all works

    I am pleased that AgileBits take very seriously the concern that I and other users have about putting ANY 1Password info in the cloud.

    I have since enabled iOS keychain (but NOT iCloud keychain) and am enjoying the ease of use of Touch ID to access 1Password on my iPhone - and most importantly the excellent Safari extension. Now I find myself longing for TouchID on my mac!

  • Hi @somainer,

    You're welcome. TouchID on Mac would be awesome. In fact, they could just let you pair the device to your Mac, so you just unlock the Mac using your iPhone. There are some apps that does this and we've gotten requests to allow 1Password on your iOS device to authenticate against 1Password on your computers over the Wi-Fi or even bluetooth.

    It is a cool idea but as you notice, we need to investigate the pros and cons to see if this is a security risk we're willing to accept because someone could just put your fingerprint on the IOS device as you sleep and unlock your Mac. That's another reason why the device needs to have a passcode in place.

This discussion has been closed.