So how does Fingerprint Unlocking technically work?
Hello,
I asked this once before but got no answer because the new version wasn't out yet. So I will ask again. How does fingerprint unlocking work? In my understanding 1pw needs the master password to decrypt the data found in the vault. So this master password would have to be cached somewhere, right? And where? How safe is this?
Comments
-
It works exactly like it did with the PIN lock. Except it uses your fingerprint instead of a PIN. That's my understanding.
0 -
Hi @ntimo,
I'm happy to provide some insight into how Fingerprint Unlock works in 1Password 6 for Android. Before I describe that though, let me first go over what happens when you unlock your vault with your master password.
When you enter your master password on the lock screen, 1Password for Android uses a well-known key derivation algorithm to generate an encryption key from your master password. This derived key is then used to decrypt your master key, which is the encryption key that is used to encrypt and decrypt your vault contents. Once the master key is decrypted, your vault is now unlocked and readable by 1Password.
When you enable Fingerprint Unlock in 1Password's security settings, we generate a random key that we bind to fingerprint authentication. In other words, the key can't be retrieved from the key store until successful fingerprint authentication takes place. This is why we require you to authenticate with your fingerprint when you first enable Fingerprint Unlock. We then use this key to encrypt your master key and store it in encrypted form.
When you use your fingerprint to unlock your vault, the successful fingerprint authentication allows 1Password to retrieve the key from the key store. The encrypted master key is then retrieved from storage and decrypted using the key from the key store. And now that the master key is decrypted, your vault is unlocked and readable by 1Password.
Now that you've got an idea of how Fingerprint Unlock works, let's come back to your questions about caching and safety. We do not cache your master password for Fingerprint Unlock, so you don't have to worry about it being stored anywhere. As for safety, Marshmallow's fingerprint authentication APIs are built around the Android KeyStore system. This system is in turn protected by the Android operating system and any supported cryptographic hardware included in your device.
I hope that explanation helps give you a sense of how Fingerprint Unlock works in 1Password 6.0b1. Let me know if you have any additional questions :)
0 -
Thx!
0 -
I'm glad mverde was able to answer your question! Let us know if you have any others!
0
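
The two unlock paths described in the staff answer above, as an added Node.js sketch that is not 1Password's code: one master key is stored twice in wrapped form, once under a password-derived key and once under a random key held by a key store, so the master password itself is never written anywhere. PBKDF2, AES-256-GCM, the iteration count and the `SimulatedKeyStore` class are assumptions standing in for the unnamed key derivation algorithm and the Android KeyStore.

```javascript
const crypto = require('crypto');

// Wrap (encrypt) one key under another with AES-256-GCM.
function wrap(kek, keyToProtect) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', kek, iv);
  const ct = Buffer.concat([c.update(keyToProtect), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Unwrap; throws if the key is wrong or the blob was modified.
function unwrap(kek, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', kek, blob.iv);
  d.setAuthTag(blob.tag);
  return Buffer.concat([d.update(blob.ct), d.final()]);
}

// Hypothetical stand-in for a platform key store (not Android's API):
// the random key is released only after fingerprint authentication.
class SimulatedKeyStore {
  #key = crypto.randomBytes(32);
  getKey(fingerprintAuthenticated) {
    if (!fingerprintAuthenticated) throw new Error('user not authenticated');
    return this.#key;
  }
}

// Assumed KDF and parameters; the post only says "well-known".
const derive = (pw, salt) => crypto.pbkdf2Sync(pw, salt, 100000, 32, 'sha256');

function demo() {
  const password = 'constructed master password'; // sample value
  const masterKey = crypto.randomBytes(32);       // encrypts the vault
  const salt = crypto.randomBytes(16);
  const keyStore = new SimulatedKeyStore();
  // Everything the app persists: two wrapped copies of the master key.
  const stored = {
    salt,
    wrappedByPassword: wrap(derive(password, salt), masterKey),
    wrappedByFingerprint: wrap(keyStore.getKey(true), masterKey), // at enrolment
  };
  const fails = (fn) => { try { fn(); return false; } catch { return true; } };
  return {
    viaPassword: unwrap(derive(password, salt), stored.wrappedByPassword).equals(masterKey),
    viaFingerprint: unwrap(keyStore.getKey(true), stored.wrappedByFingerprint).equals(masterKey),
    deniedWithoutAuth: fails(() => keyStore.getKey(false)),
    wrongPasswordRejected: fails(() => unwrap(derive('wrong', salt), stored.wrappedByPassword)),
    storedFields: Object.keys(stored),
  };
}
```
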