Store Master Password in KeyChain and rely on Pin Code + TouchID to unlock vault even after reboots
Sorry if this has been asked before, I did a quick search and didn't find anything.
I have been using this product for some time now and have several vaults that I sync across my iPhone and my wife's iPhone. We have a general "family" vault that stores our shared logins and information and individual vaults. While I have no issue typing in a long master password, my wife takes issue and constantly "forgets" the master password, resulting in her not using it as often, which then results in very insecure passwords.
My question is, would it be possible in a future update to enable 1Password (at least for iOS) to store the master password even after reboots? It would be particularly useful, if this master password is stored (perhaps on a vault-by-vault basis) and after reboot, perhaps still at minimum require a PIN code + TouchID to unlock for the initial time and then TouchID for subsequent unlocks. I still agree that the vault should be locked and perhaps master password forgotten (and thus be forced to type it in later) if too many failed login attempts occur.
Hopefully I'm making sense... and thanks for your consideration.
Comments
-
Hi @hayrun,
Thanks for taking the time to write in. This is a great question, without an easy answer. While it may be technically possible, building a product like 1Password puts you in a constant state of trying to balance security and convenience. This is one of those tradeoffs. The decision to have this operate as it does was not made lightly, and was made with the idea of providing the best balance for the most people. Obviously there will always be folks who are more concerned with security than convenience, and vice versa. We have to make choices we feel will be "right" for most of our audience, and this is one of those choices.
I'm sorry if that is not a super direct answer to your question but I hope it provides some explanation.
Thanks!
Ben
0 -
Why not allow this to be an advanced configuration item? It doesn't sound like it's overly difficult to do, just sounds like a decision was made on behalf of the average user. I completely understand this as well, but why not let others configure their experience more?
0 -
Hi @hayrun,
Thanks for your feedback! There are drawbacks to having too many options, and especially to having too many advanced options. As Ben said, we're always trying to strike a balance between security and complexity, and that applies to the app's settings. Any new settings we introduce into 1Password for iOS are debated before they're added.
I hope this helps!
0 -
Has this option been discussed and effectively shelved? Or will this be brought up as a potential topic for discussion with your team?
0 -
I would hope you could reconsider this as an option. While I appreciate thinking of the average user, I would be willing to bet that many of your users are advanced and would love an "advanced option" similar to this.
0 -
Thanks so much for your feedback, @hayrun! We love hearing from our passionate advanced users :) As Ben said, this is probably not something that'll appear in a near-term update, but maybe at some point in the future. As stated earlier, we're pretty conservative about adding more settings, though.
0 -
I'd be willing to pay an additional one time cost if you'd just let me use my thumbprint to sign in w pin, draw a password puzzle, whatever
While I don't have any advanced knowledge like you on this stuff, my guess is you feel someone stealing my master password somehow on multiple devices on various networks is less likely than our thumbprint? Otherwise I'm having trouble understanding why
0 -
Great post by hayrun! In three decades of daily banking professionally & personal use, I've only had 1 breach for a day or two and it was a keystroke tracker that got me.
0 -
Hi @smittyken12,
Thanks for adding your thoughts here! Were you aware we offer Touch ID support on compatible devices? You can find out more here:
Use Touch ID | 1Password for iOS
For devices that do not have Touch ID a PIN option will be available instead.
I hope that helps!
Ben
0 -
We are aware that Touch ID is available, we are hoping to replace our master password entry (after reboots) with a Touch ID + Pin/Picture/whatever entry... aka something we have (fingerprint) and something (fairly simple) we know (PIN). While this may be an advanced feature, I'm sure many, many people would welcome this feature.
0 -
Hi @hayrun,
Thanks for the feedback. We do not have any plans to completely eliminate the need for a Master Password to be entered. Your data is encrypted using your Master Password, so the Master Password is essential to your data's security. And so it is also essential that you remember it. If it is forgotten, it is impossible to back up/restore or export your data, or set up your vault on a new device.
Designing a product like 1Password is always a matter of finding balance between security and convenience. I understand a lot of people would probably love the convenience of only ever having to use Touch ID plus a simple PIN, but in this instance this is a case where we cannot responsibly reduce security to increase convenience.
I understand this is not the answer you were hoping for, but I hope it helps explain some of the decisions we've made in trying to find balance.
Ben
0