feature request: security option to require both touch id and master password to unlock vault
I know touch id is meant to provide a convenience while still adhering to a high level of security. However, I'd love the ability to require both the master password, followed by touch id to unlock the vault. Queue James Bond theme song while imagining going through a series of bio metric and password safeguards. Joking aside, this would raise my level of work and personal security confidence.
One interesting thing about the implication of this: having two different authentication requirements, you get a much added protection. It's not just like having two passwords. e.g. if you have a malicious keylogger on your system, you would only be able to obtain the master password. You would still need to forge the fingerprint!
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @lundjordan ,
It's an interesting suggestion, but be advised that you may not get the security increase you are looking for. If a piece of malware is able to install a key logger on your system, think about what else it might be able to do. Can it read your browser cache, any other file on your system, and possibly contents of memory?
It's not to say it's an impossible problem and wouldn't provide any gains, just something we'd have to carefully consider before we would offer such a thing, and to make sure it adds a significant amount of security over choosing a good strong Master Password.
I'm so glad you are thinking about your security! We'll think about your suggestion. I can't promise when or if it will be implemented but we'll consider it. And thank you for taking the time to write in!
Cheers,
Kevin0
