Big Security Gap of TouchID!!! [iOS is designed to be a single user system]

Pickl0ck
Community Member
edited December 2015 in iOS

If you share your iPhone with your family or allow someone else to have access to your iPhone (your kids using it for playing games for example) and want to have your vaults secure, DON'T HAVE THE TOUCH-ID OPTION ACTIVATED!
1Password doesn't ask for one specific fingerprint; it takes any, which means that someone who has your logged-in iPhone can add his own fingerprint and have access to all your passwords.

Comments

  • littlebobbytables
    1Password Alumni

    Hello @Pickl0ck,

    To access the portion of iOS's settings related to Touch ID you first have to enter your passcode. You're correct though, if somebody has physical access to your iPhone and has the passcode then they can add a fingerprint to Touch ID. They could in turn access any app that you have set up to use Touch ID which can include 1Password and I believe some banking apps (very dependent on the bank of course).

    Access to an unlocked iOS device though isn't sufficient.

    Just to let you know, we can't ask for a specific fingerprint. The way Touch ID works is that we ask iOS "did the user authenticate themselves?" and iOS will reply yes or no. That is the full extent to which any iOS app can access the system-protected Touch ID. Who knows, maybe Apple will alter this in the future at some point :smile:
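
An added example, not part of the thread and not 1Password's code: the yes/no Touch ID call described in the comment above, combined with a check that forces the Master Password whenever the set of enrolled fingerprints has changed. It assumes iOS 9 or later with the LocalAuthentication framework; `enrollmentKey`, `decide`, `recordEnrollmentState` and `unlockWithBiometrics` are hypothetical names.

```swift
import Foundation
import LocalAuthentication

// Hypothetical storage key, chosen for this example.
let enrollmentKey = "example.biometricEnrollmentState"

enum UnlockDecision { case allowBiometrics, requireMasterPassword }

/// Biometric unlock is offered only if the enrolled-fingerprint state is
/// byte-for-byte the one recorded at the last Master Password unlock.
func decide(saved: Data?, current: Data?) -> UnlockDecision {
    guard let saved = saved, let current = current, saved == current else {
        return .requireMasterPassword
    }
    return .allowBiometrics
}

/// Call right after a successful Master Password unlock.
func recordEnrollmentState() {
    let context = LAContext()
    var error: NSError?
    // evaluatedPolicyDomainState is populated once canEvaluatePolicy succeeds.
    if context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) {
        // UserDefaults keeps the example short; a real app would use the keychain.
        UserDefaults.standard.set(context.evaluatedPolicyDomainState, forKey: enrollmentKey)
    }
}

/// The yes/no question described above, refused if enrollment has changed.
func unlockWithBiometrics(completion: @escaping (Bool) -> Void) {
    let context = LAContext()
    var error: NSError?
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error),
          decide(saved: UserDefaults.standard.data(forKey: enrollmentKey),
                 current: context.evaluatedPolicyDomainState) == .allowBiometrics
    else {
        completion(false) // caller falls back to the Master Password prompt
        return
    }
    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: "Unlock your vault") { matched, _ in
        completion(matched) // iOS reports only success or failure, never which finger
    }
}
```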

  • Pickl0ck
    Community Member
    edited December 2015

    But it would be highly recommended to mention this essential point in the FAQs at (https://support.1password.com/touch-id-faq/#is-it-safe-to-use-touch-id-instead-of-my-master-password-)
    or at
    (https://support.1password.com/master-password-ios-keychain/)
    under "Summary".

    If you share your iPhone with someone else, use the Master Password only!

  • Thanks for the feedback. :)

    Ben

This discussion has been closed.