Suggestion: allow TouchID + security code to unload 1Password

ericg314

Hi,

This is a suggestion for a future improvement to 1Password. I wasn't sure where else to leave this kind of feedback. I suggest you add the option to require a short passcode (PIN?) along with TouchID to unlock 1Password on the iPhone. The reason is that law enforcement is allowed to force one to place a finger onto the TouchID scanner. It would be nice if there was a way to add a short PIN as well--not the whole password that normally unlocks 1Password--but a short entry so there needs to be something you have (fingerprint) and something you know (PIN) to unlock.

Regards, Eric

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Megan

Hi Eric ( @ericg314 ),

Thanks for the suggestion! If you're concerned about being asked to unlock your phone with your fingerprint, we recommend that you disable Touch ID before entering a high security zone (such as an airport).

ericg314

Megan,

Thanks for your reply. Since one never knows when law enforcement may strike, one cannot know ahead of time when one needs to disable Touch ID. I still think my request would be a nice feature to have.

Regards, Eric

AGAlumB

Since one never knows when law enforcement may strike, one cannot know ahead of time when one needs to disable Touch ID. I still think my request would be a nice feature to have.

@ericg314: That's a good point! I hope that none of us are ever in that position, but of course one never knows.

I'll just add that this may not be technically feasible at this time, since in both cases (using PIN or using Touch ID), the Master Password is being stored in the iOS Keychain to enable you to use these to unlock 1Password, since the Master Password is always needed in order to decrypt the data.

I don't believe it's possible to have iOS require two separate pieces of information to get it to grant access to the Keychain item, but we can certainly consider adding something like that in a future version. Thanks for the suggestion! :)

ericg314

Thanks for you consideration!

AGAlumB

You're most welcome! Thanks for being passionate enough to take the time to leave us feedback on how you'd like 1Password improved in the future. We couldn't do what we do without your support! :)

RichardPayne

@brenty, you could avoid the Apple imposed restrictions by using a two stage login, the first part being TouchId and the second being a standard PIN entry.

You'd encrypted the masterpassword using the PIN as the key and then store this encrypted block in the keychain. Sure, the PIN encryption will be relatively weak but it's not designed to resist concerted attempts to break it; it's just to keep the masterpassword from casual prying eyes.

AGAlumB

Indeed. It's only useful so long as it can be done in such a way where it fails if either (or both) is incorrect without telling you which. :)

RichardPayne

Why is it important which failed? I thought that issue here is that the authorities can force you to swipe touchID. They can't force you to reveal your MP or PIN.

AGAlumB

@RichardPayne: It's important that it is not revealed which has failed. After all, if there's no indication whether it's the PIN, the fingerprint, or both which is invalid, that provides no information that could make it easier.

For example: Touch ID accepted. Please enter PIN tells us we don't have to bother with any other fingers, just keep trying PIN combinations. Something like this gives us information that helps narrow the search significantly. It's like websites that tell you flat out that the password is wrong, while acknowledging you've entered a valid username: time to brute force that password!

And in the case of authorities (or criminals, or both) trying to get you hand over your data, that can slow down their progress significantly, especially given that a 4 digit PIN is not particularly secure on it's own. Essentially they need to get both of them right on the same try to get anything useful. :pirate:

RichardPayne

It's secure enough to prevent random jobsworths invading your privacy which is, I thought, what was being discussed. It revolves around the difference in legal rights rather than an outright security issue. If it gets to the stage of them trying to crack your PIN then they'll just get a court order to require you to reveal the master password.

AGAlumB

It's secure enough to prevent random jobsworths invading your privacy which is, I thought, what was being discussed. It revolves around the difference in legal rights rather than an outright security issue.

I'd rather have actual security than simply making them jump through hoops. And that's probably the only way it would be worth the effort.

If it gets to the stage of them trying to crack your PIN then they'll just get a court order to require you to reveal the master password.

"Oh no! I forgot my PIN!" :naughty:

RichardPayne

Doesn't work here. If they can show that you've used it recently then you'd be done for obstructing the course of justice.

AGAlumB

Doesn't work here. If they can show that you've used it recently then you'd be done for obstructing the course of justice.

:scream:

AGAlumB

@ericg314: I just want to follow up on this in case you hadn't noticed already yourself. It isn't exactly what you originally asked for, but you may find this helpful:

At the Touch ID prompt, if you quickly press the Home button, it kills it and removes the option to open Touch ID again, thus requiring the Master Password.

Cheers! :)

ref: OPI-2886