Touch ID Security question

chris970
Community Member

In looking at the following page/info: https://support.1password.com/master-password-ios-keychain/

About halfway down, it says "1Password will remove the secret from the iOS Keychain on certain occasions. For example, if the PIN Code is entered incorrectly or after the device has been rebooted."

When I rebooted my device 1Password required me to re-enter my Master Password as described (with Touch ID enabled).

However, I intentionally entered my PIN Code incorrectly (1x, 3x, and then 5x - which placed a 1 minute timeout on my iPhone). In none of those instances did 1Password disable Touch ID and require my Master password as described above.

Can you please further explain the sentence I quoted above from the article, or clarify if I am misunderstanding how this is designed?

Thank you.


1Password Version: 6.2.1
Extension Version: Not Provided
OS Version: iOS 9.1
Sync Type: Not Provided

Comments

  • Hi @chris970,

    Thanks for taking the time to write in with this question. The line you are referring to is talking about the 1Password PIN, not the device PIN. If you are using Touch ID, 1Password will not have a PIN, and so that portion is not relevant.

    Thanks!

    Ben

  • chris970
    Community Member

    Thanks for the clarification. In a similar vein, can you please answer the following 2 questions:

    This link, https://support.1password.com/how-safe-is-touch-id/, says "After 3 failed attempts to read a fingerprint" your Master password will be required. I tried this (used a finger that wasn't registered to force a failed attempt), but the Master password was never required.

    Additionally, at the bottom of the page, it says "open 1Password on your device and tap Enter Password on 1Password’s Touch ID prompt" - this option doesn't appear for me. When 1Password is locked I can use TouchID or press cancel, which takes me to a screen where I can enter my Master password or again use Touch ID. Is this documentation outdated?

  • @chris970,

    I just tried to reproduce your findings. On my device after 3 failed Touch ID attempts (using an unregistered finger) I was prompted for my Master Password and no longer had the option to authenticate with Touch ID. That was when using the latest beta version. I did run into an oddity when testing this with the latest stable version (6.2.1). After 2 or 3 failed attempts I was prompted with this screen:

    My understanding is that this prompt may be coming from iOS itself, and not (intentionally) from 1Password. I've asked our development team to investigate further.

    The "enter password" option now only appears after at least one failed attempt to authenticate. That is a change that does not appear to have been updated in the documentation. I'll ask our docs team to take a look at that. :)

    Ben

  • chris970
    Community Member

    Thanks - I think I figured out the confusion: the documentation is referencing using TouchID with 1Password: i.e. have 3 failed attempts with Touch ID when trying to open 1Password. I read the documentation as having 3 failed attempts with TouchID on the Home screen (logging into the iOS device itself). As a suggestion, this might be worth implementing.

    Also, in terms of my second question, I was referencing the section on the page at the bottom titled "Forcing the Master Password Requirement" - https://support.1password.com/how-safe-is-touch-id/

    As described, this doesn't work: there is no way to temporarily disable the TouchID for 1Password and require the Master Password. Please help clarify if I'm misunderstanding this section.

    It is also referenced higher up in the documentation under:
    Touch ID is designed to minimize the input of your Master Password, but your Master Password will be needed for additional security validation:

    After restarting your device
    After selecting Enter Password on the Touch ID prompt
    After 3 failed attempts to read a fingerprint
    To change your Master Password

  • "As a suggestion, this might be worth implementing."

    Not possible, unfortunately. iOS doesn't tell us about failed Touch ID attempts at the home screen.

    "As described, this doesn't work"

    Correct; we need to update this wording. This was changed in a recent update.

    "there is no way to temporarily disable the TouchID for 1Password and require the Master Password"

    You can do that by restarting the device or unlocking 1Password and selecting Lock Now under Settings > Security.

    I hope that helps!

    Ben

  • chris970
    Community Member

    All makes sense, thanks for the clarification.

  • You are most welcome. If we can be of further assistance, please don't hesitate to contact us.

    Ben

This discussion has been closed.