Unlock with Apple Watch [feature request; not currently possible]
Comments
-
@trippjohnson - thanks for letting us know you'd like to unlock 1Password with your Apple Watch also! There's no doubt this would be a cool feature and definitely a time-saver. However, as brenty mentioned at least once in this thread, Apple Watch-unlock APIs aren't something that Apple makes available, and therefore it just isn't possible at this point to do this in a secure way.
The only way we've seen others do it would be considerably insecure (storing Master Password), and as a rule we don't add features into 1Password that weaken security when used as intended. Littering 1Password with insecure features and using pop-ups and warnings to users not to use those features unless they're sure they want to, isn't a direction we're likely to pursue.
Nobody in this thread is denying that the ability to unlock 1Password with an Apple Watch would indeed be a great feature to have; we're just reminding people that it isn't possible to do in a secure way at this point. Thanks for taking the time to add your voice and let us know your wishes, however -- we appreciate the input. :)
0 -
Do you know how best to request that Apple gives you that capability?
0 -
@trippjohnson -- Apple's a huge company, and there are many ways to get in touch with them, so I'm not sure I'm the right person to advise you on the most effective way to launch a particular query. That said, they do have a specific feedback channel for Apple Watch, just like they do the rest of their products. I imagine that would at least be a good starting point, and they can probably tell you if such a suggestion should be directed elsewhere. Let us know if you hear anything back!
0 -
This content has been removed.
-
Nevertheless, thanks for weighing in! I don't have any inside info, but each year I get my hopes up a bit that Apple will give us some more new toys to play with on the watch and other devices. Time will tell. :)
0 -
+1 for me too.
Thanks for all the replies guys. :smile:
0 -
1+
Thanks, for your good feedback!0 -
:) :+1:
0 -
Hello,
I was wondering if it would be possible to update 1password to unlock your vault via your phone or watch. I do not have a fingerprint reader on my Macbook Pro, and would really appreciate a way to unlock my vault from my phone or watch. Along the lines of how my Macbook Pro allows me to unlock it via my watch. I realize it likely isn't possible, and Apple reserves the ability to do that magic to it's own devices. But thought I'd ask, as it would be a cool feature!
Thanks for the awesome application!
Dan1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided0 -
@frenn: There isn't an "Unlock with Apple Watch" API that Apple makes available to 3rd party developers currently. So unless Apple adds something like that in the future (like they have with Touch ID and Touch Bar on macOS), there isn't a way for us to do what Apple is doing with "Unlock with Apple Watch" for macOS user accounts.
Apart from that, we're on our own, and there are technical pronblems: how can we securely store a shared secret that the two devices can use to authenticate each other, which cannot be compromised? Since the iPhone 5S, it's been possible to store a secret in the iOS Keychain which is unlocked only using Touch ID, and authenticated with the Secure Element. With Touch ID Macs, this is similarly possible. But on every other Mac, this is so far a real problem without a good solution, unless Apple makes T1, T2, or some other variant with a Secure Enclave standard across the line.
0 -
Hi!
Just dropping another +1 to express big interest in this feature.
I understand technical difficulties involved and you are way smarter then me anyway, so I will refrain from "yet another smart-ass customer suggestion", stay on expression interest and leave problem-chruncing-idea-making process to you guys :-)Best to all and thanks for great work so far!
0 -
Can't edit, so I will just at short addition.
Somewhere in this thread was written that easier thing to implement would be to enable Apple Watch unlock only after Vault was once opened.
I actually think this is better solution than "always-open" ability for reasons also stated in this thread - we will forget master password.
And you are absolutely right about this - it all seems fine once it works, but things do break and I would hate to loose 1Password vault after couple of years of using it.
So yeah, there HAS TO BE a place where we regularly enter master password and physical keyboard is the best place to do it, for sure.
At least until better means of authentication becomes a standard (one that does not involve volatile human memory :-))0 -
@mblataric - thanks for weighing in. There's no doubt at all that this would be a great thing to be able to do. I'd love it, myself. But until such time as we can be certain of being able to do it in a secure way, it's not going to happen. We'll keep an eye on the state of play, however, and if it becomes feasible, we'll definitely be looking into it. :)
0 -
+1 for this feature request - either using the iPhone or Apple Watch (or either!) to unlock the Mac version of 1Password. I know from this thread that there isn't currently an Apple API for doing so, but I have faith that you guys are smart enough to figure something out!
Edit: I'd offer some suggestions as to how to do it, but I'd bet that my limited knowledge on computer security wouldn't offer anything you hadn't already thought of.
0 -
Thanks for chiming in. While it still isn't feasible going into 2019, I do hope it will be possible someday. Happy holidays! :)
0 -
Hey @brenty could you leave a little blurb here on what we should be requesting via the Apple Watch feedback channel noted above? This feature request is clearly popular and perhaps mobilizing the community will help the Apple team prioritize addition of new public APIs to WatchOS.
0 -
@wenzowski - you're more than welcome to ask Apple for anything of this nature you'd like, but please don't give them the impression that we're the ones generating these requests, since that's not the case. I'm not entirely sure the exact nature of the API they're using internally to accomplish this, but it would be the same (or very similar) mechanism used to unlock your Mac with your watch. Currently, Apple reserves that ability to their own devices and does not make the API for that available to 3rd-party developers like us. Without it, we'd have to come up with our own way around the issue, which would necessitate storing your Master Password in some form, and we've just not been able to see any way to do it in a manner that meets the security requirements we have for our users.
0 -
Potentially coming in 10.15: https://9to5mac.com/2019/04/18/apple-watch-mac-password/
According to sources familiar with the development of macOS, the next major version of the operating system will allow users to authenticate other operations on the Mac beyond just unlocking the machine with their watch.
0 -
Fingers crossed. :)
Ben
0 -
I think everyone will be pleasantly surprised with these news:
0 -
Let's not count on features before they're announced by Apple, but here's hoping. :)
0 -
+1 for the Apple Watch unlock 1 Password request.
+2 for the useful responses from 1Password team members and the fairly rational comments by the community!0 -
:) :+1:
0 -
+1 for this feature request!
0 -
@OTGGamer - yep, we're looking forward eagerly to see what kind of new possibilities this might open up for us. Nothing to announce just yet, but something like this would appear in the release notes for new versions, and possibly also on our blog.
0 -
The only problem I see is that whereas iPhone has secure biometric authentication (which I would trust), Apple Watch usually has a simple passcode (which I keep short because typing on that little surface is not fun).
Therefore (much as I would like the convenience of Apple Watch unlocking), the security hurdle of compromising Apple Watch is much lower than that of compromising iPhone's biometric authentication.
OTOH, if you're using a simple passcode on the iPhone, it suffers from the same problem.
Let's face it: we use (I hope) a complex 1password master password because we want there be a significant hurdle to getting into the password vault with ALL your passwords.
For me at least, a compromise of my Apple Watch (or any of my devices) would be nowhere as catastrophic as a compromise of my password vault.
Then again, if you've turned on "wipe my watch after 10 tries ..."
0 -
That's one of many hurdles as far as security, yes.
0