Please bring back the PIN.

skyskidoo
Community Member

Hi everybody! I've set up a 1Password account. I use it on an iPhone 6s, an iPad Air 2, an iPad mini 2, 2 Windows computers and a Mac 5k. My PIN code works, for some reason, on all but the Mac 5k. (It was working on the Mac 5k until I reinstalled a clean version of the new Mac OS.) I have an 11-digit master password that I don't want to type 25 times a day and I don't want to turn 1Password security on my Mac off either. Otherwise why not just put my logins into the Notes app? I have an idea that a glitch is enabling my PIN to work on my fingerprint devices but I'm not sure. Anyway, could a PIN feature be brought back for all versions or do I need to go to a 4-digit Master Password??


1Password Version: 6.3.3
Extension Version: Not Provided
OS Version: macOS 10.12
Sync Type: iCloud

Comments

  • Pilar
    1Password Alumni

    Hi @skyskidoo

    Thank you for taking some time to write to us and letting us know what you'd like to see in 1Password. It's sometimes hard to find a good balance between things being practical and them being secure. On your mobile devices you can use your PIN or, even better, fingerprint, and it makes using 1Password so much easier! However, on desktop, typing the full password is still the best approach. I've found that since I moved to having a Diceware Master Password it's so much easier to type it as often as I need. Have you tried doing something like this? :chuffed:

  • skyskidoo
    Community Member

    Thanks Pilar. I'm a slow typer so I'll keep looking. The Touch ID thread here might have a solution for me.

  • Pilar
    1Password Alumni

    Hi @skyskidoo

    You're welcome! I can relate because whenever I have to type on my phone I'm so slow! Luckily there are new features both in hardware and software being implemented all the time that open doors for us so stay around to see the ways we find to take advantage of all this in the future! :chuffed:

  • skyskidoo
    Community Member

    Note that my 1Password Windows Beta computers allow a 4-digit PIN. The interface says "Change the password for this device only. This will not affect your Master Password". Will this feature be removed when the app comes out of Beta?

  • MikeT
    edited September 2016

    Hi @skyskidoo,

    The problem with the 4-digit PIN is that you are intentionally weakening the entire security system of 1Password. The longer you keep using the shorter password to encrypt your data, the quicker someone will figure out how to break into your data. It takes a few hours to break a 4-digit PIN code and in a few years, maybe mere minutes as computers continue to get faster.

    The second issue is that in order for the PIN support to be implemented, a version of your master password has to be stored somewhere on your device, which is a security issue of its own. On iOS, we store it in the secure enclave that's built just for this. macOS or Windows computers don't have anything like this, which is why we don't support it at all and will never implement it until there's proper hardware support. Intel is working on a cool idea for this, and Apple is supposedly working on bringing TouchID to macOS in the near future, which might bring the hardware secure enclave support as well.

    In the UWP version of 1Password 6 Beta (Windows Store app), the one you download from the Windows Store, we do support using Windows Hello but only for the duration of the current session. As long as you don't close 1Password but keep it running, it'll let you unlock 1Password with your Windows PIN code or biometric device.

    If you change your master password to a 4-digit PIN on your PC, someone can break into that PC, upload your encrypted data file and run a brute force attack on it to break it in a few hours. It matters not that your master password is stored in the secure enclave on the iPhone or somewhere; it only takes one weak link to break the entire system.

    We strongly advise against doing this; instead, use an easy-to-type passphrase. You don't have to use a random string of characters, nor upper/lower cases. Here's how to generate a good phrase, using crow taboo carolina caldron vs. kSmf1nCg7uBDoFYe. In addition, you should also turn off auto-lock or extend the length of the auto-lock timer, so that your data is still left encrypted with the stronger passphrase on the drive but you only have to type in your master password 1-2 times a day.
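
Added example, not part of the thread and not 1Password's code: a Python sketch of the comparison in MikeT's reply above, sizing a 4-digit PIN against a four-word Diceware passphrase and a 16-character random string, and picking Diceware words by simulated dice rolls. The guess rate and the placeholder word list are assumptions; a real Diceware list holds 7776 actual words.

```python
import math
import secrets

DICEWARE_LIST_SIZE = 6 ** 5  # 7776 entries: five dice rolls select one word

# Constructed placeholder list; substitute a real 7776-word Diceware list.
PLACEHOLDER_WORDS = [f"word{i:04d}" for i in range(DICEWARE_LIST_SIZE)]

# (symbols to choose from, number of independent picks)
SCHEMES = {
    "4-digit PIN": (10, 4),
    "4-word Diceware passphrase": (DICEWARE_LIST_SIZE, 4),
    "16-char random alphanumeric": (62, 16),
}


def entropy_bits(choices, picks):
    """Bits of entropy when each pick is uniform and independent."""
    return picks * math.log2(choices)


def worst_case_seconds(choices, picks, guesses_per_second):
    """Time to exhaust the whole space at an ASSUMED offline guess rate."""
    return choices ** picks / guesses_per_second


def roll_word_index():
    """Map five fair dice rolls to an index in 0..7775, as Diceware does."""
    index = 0
    for _ in range(5):
        index = index * 6 + secrets.randbelow(6)  # CSPRNG, not random.random
    return index


def generate_passphrase(wordlist, words=4):
    """Pick words by dice roll; refuse lists that break the entropy math."""
    if len(wordlist) != DICEWARE_LIST_SIZE or len(set(wordlist)) != len(wordlist):
        raise ValueError("need 7776 unique words")
    return " ".join(wordlist[roll_word_index()] for _ in range(words))


if __name__ == "__main__":
    rate = 1.0  # assumed guesses/second; real rates depend on KDF and hardware
    for name, (choices, picks) in SCHEMES.items():
        hours = worst_case_seconds(choices, picks, rate) / 3600
        print(f"{name:28s} {entropy_bits(choices, picks):6.2f} bits  {hours:.3g} h")
    print("sample:", generate_passphrase(PLACEHOLDER_WORDS))
```

The entropy figures hold only when every word is chosen by the dice rather than by the user.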

  • skyskidoo
    Community Member

    Ha ha. I give up. Ok Mike. Thanks folks, for the good information. Pass phrase it is!

  • eva_s
    1Password Alumni

    Hi @skyskidoo,

    I'm glad that MikeT's persuasiveness carried the day! That Mike is a smart guy!

    Best,
    Eva

This discussion has been closed.