Touch ID and Master Password

olyroad
olyroad
Community Member
in iOS

Hello,

I am reading on the iOs App, "If you enable Touch ID your Master Password will be stored in the iOs Keychain"

If I have the Keychain OFF under the iCloud settings, will 1Password still save the Master Password in the iOs Keychain?

Thanks

Comments

  • Ben
    Ben

    Hi @olyroad,

    Thanks for taking the time to write in.

    If I have the Keychain OFF under the iCloud settings, will 1Password still save the Master Password in the iOs Keychain?

    Yes. This setting is for iCloud Keychain (Apple's password management solution), which is unrelated to 1Password.

    Thanks.

    Ben

  • olyroad
    olyroad
    Community Member

    Hello @bwoodruff

    Can you please explain me in what sense is this unrelated to 1Password. It's 1Password that allows it.
    Please see the screenshot (middle sentences of the screenshot)

  • Ben
    Ben

    I'm not sure I follow, @olyroad. My point was that the setting that you mentioned ("Keychain OFF under the iCloud settings") has no bearing on 1Password:

    That setting is for Apple's "iCloud Keychain" service, which is not at all related to 1Password.

    For Touch ID to work with 1Password the Master Password must be stored in the iOS keychain. There is no way around that. There is no way to turn the iOS keychain off, and if there were, it would prevent Touch ID from working with 1Password. You can read more here:

    How we securely store the Master Password in the iOS Keychain

    Thanks.

    Ben

  • olyroad
    olyroad
    Community Member

    OK, Now I think I understand.
    There is one surprising thing though. Apple has my encrypted 1Password items (on iCloud), and through the iOs Keychain it has my Master Password too.

    This means that Apple can have access to my encrypted items.

    I know this doesn't mean a security concern. I am just surprised at this, because I didn't expect it.

    So, Touch ID means that I give me Master password to Apple!

    Thanks for this clarification Ben!

    Best,
    olyroad

  • Ben
    Ben
    edited November 2015

    @olyroad,

    You've made some assumptions here which I want to correct. They are easy to make assumptions because Apple has given two completely separate things very similar names. There are two things in question here:

    • iOS keychain
    • iCloud Keychain

    These are two separate ideas. The iOS keychain is local to your device. It is not synced to iCloud. iCloud Keychain is Apple's password management service which does, as the name implies, sync with iCloud.

    1Password uses the iOS keychain. It does not use iCloud keychain. Your Master Password is never sent to Apple (even if you turn on iCloud keychain).

    Also there is no requirement that you sync your (encrypted) 1Password data with iCloud. Dropbox and WiFi sync are also options.

    Thanks.

    Ben

  • olyroad
    olyroad
    Community Member

    Ah ok. Then I was confused with the Keychain terminology of Apple, which, as you explain, is another thing here. I didn't know iOs Keychain was a local thing on my phone.

    Thanks for this clarification.

  • Ben
    Ben

    You're very welcome. :)

    Ben

This discussion has been closed.