1Password NOT requiring master password after reboot!
The latest version of 1Password for iOS does not require a master password after a reboot on my iPad, which does not have Touch ID. After reboot, I am presented with a screen asking for my master password, but it also has a Touch ID symbol on it. If I simply tap on the Touch ID symbol, I am presented with a keypad where all I have to do is enter my 4-digit PIN, rather than my master password. In fact, it appears that I never have to use my master password on my iPad now.
This is a HUGE failure of security!
1Password Version: 6.4
Extension Version: Not Provided
OS Version: iOS 9.3.1
Sync Type: Not Provided
Comments
-
The master password was not required on my iPhone 6 either, which does have Touch ID, but in the case of my iPhone 6 I was not able to avoid using Touch ID.
0 -
I have used 1Password for many years and I have used it as it was intended to be used. I've created individual passwords for each website. In each case I've used as secure a password as possible. No one could guess one of those passwords in a million years. But now all those highly secure passwords are protected by a mere 4-digit PIN on my iPad, because I never have to enter the highly secure master password that protects the database only on my Mac.
0 -
Needless to say, I've disabled the PIN on my iPad.
0 -
The relevant option is a touch hidden away. It is a significant change and probably needs a warning and perhaps a different default. I guess AgileBits reckoned that most people nowadays use Touch ID where the option is helpful.
Go to Settings > Advanced > Security (NOT the obvious Settings > Security) and you can specify when you want to require the master password (Settings > Security gives different timing for locking, unlock for that allowing touch ID if you choose).
You can set it to Never, After Restart, one hour, or various number of days, whereas the choice in Settings > Security is to auto-lock after a number of minutes
0 -
@Duane Williams thanks for taking the time to reach out to us. @danco is correct: the latest version of 1Password for iOS made it so people no longer have to enter their Master Password after their device restarts, if they have Touch ID set up. You can change this via the method they described above. You can also choose not to use Touch ID with 1Password for iOS in the Settings > Security menu. (You should also be able to set it so that your iPhone can use Touch ID while your iPad does not.) I hope that helps! :)
0 -
The problem I had was that my iPad does NOT have Touch ID at all, but 1Password was behaving as if it did! It was putting a Touch ID icon on the screen next to the text box for the master password. By simply tapping on the Touch ID icon, it let me enter my PIN to bypass the master password. Since my iPad is an older model that does not have Touch ID, that option should never have been presented to me.
0 -
On devices without Touch ID, the PIN works in a similar fashion. If you do not want to use a PIN with 1Password and instead want to be prompted for your Master Password please disable the 1Password > Settings > Security > PIN option. This option is disabled by default.
Thanks!
Ben
0
