How "secure" is 1Password on iOS, really, given wacky U.S. Laws today?

jeffc
jeffc
Community Member
in iOS

I got into a discussion with a friend about phone security and legal status today (at least in the United States).

So, today, case law has dictated that users can't be compelled by law enforcement personnel or courts to supply the password to their phone. This is good, but then the flip side is: users CAN be compelled by law enforcement personnel or courts to supply a fingerprint to unlock a phone. Pretty weird, given that on iPhones, the fingerprint is a very convenient shortcut to unlock all sorts of things.

I wonder how this relates to 1Password, however. In my case, if police or the court wanted to get to my phone, for most of it, I'd say "okay, here you go". There's just not a lot of super private stuff on it. I can live with them getting access to my email and stuff.

However, 1Password is a different story. Giving ANYBODY access to 1Password is equivalent to giving away the kingdom, and would be catastrophic (i.e. they get decryption keys to disks in safe deposit boxes and backup cloud services, etc). I have a very long passphrase for security (some 45 bytes long or so), but to make 1Password usable, I do allow fingerprint unlock (given the long passphrase, this is somewhat mandatory).

I suppose the paranoid would turn off the phone or otherwise disable fingerprints (try to unlock four or five times with the wrong finger, and the password is now required). But this assumes I have the time to do so.

I guess my question is: How can I protect my 1Password data on iOS if law enforcement or courts decide they want my phone? I'm happy to give them everything on the phone EXCEPT 1Password! But meanwhile, 1Password has to be usable.

Once choice would be: Allow a short passcode (numeric 4-digit or something) with a fingerprint and, if entered wrong twice or something, then go back to asking for the master password. This option isn't currently available in 1Password for iOS (at least that I can see in the security menu). A numeric passcode is a "password", so I couldn't be compelled to divulge this.

Given the bizarre legal rulings in the United States today, how can I keep my 1Password data secure from courts or law enforcement if my phone is removed from my possession, given that I can be compelled to provide a fingerprint?

Am I super paranoid? Sure I am. But then to some degree 1Password is designed for people like me! :smile:

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • rudy
    rudy

    @jeffc,

    The first thing that comes to mind is that you could turn off Touch ID on the phone and 1Password. Its far less convenient, and far more tedious, but its a trade-off in the scenario you describe above.

    Rudy

  • pervel
    pervel
    Community Member

    If you go to Settings > Advanced > Security > Require Master Password, you can change the amount of time before your Master Password is required.

    Another option is of course to use the wrong finger three times in a row. That will disable Touch ID and require your Master Password. Remember to look innocently at the officers when you do that. :lol:

  • Ben
    Ben

    Yep! :)

    Ben

  • jeffc
    jeffc
    Community Member
    edited January 2017

    Hey, the LAST thing I want to do is "dumb down" 1Password security to make it "easier" for me. That's nuts. I have a 45 byte passphrase solely to make it that much harder for people to "guess" what my passphrase is, if they somehow otherwise got access to a computer or my phone.

    @rudy Turning off touch ID would mean I'd be forced to pick a shorter passphrase. Not an option. Touch ID is a key feature, and we all need that.

    @pervel Thanks for that suggestion. I did find changing the time the master password expires shortly before posting this message. Using it, I brought back requiring a passphrase on device reboots, which kind of helps mitigate this, at least a little. Depends on what's done with the phone. Wrong fingerprints is an option, of course, and I mentioned that in my original message. I'm a little hesitant to disable it after a set amount of time, as that would make me more likely to dumbing down the passphrase, and I don't want that.

    I have seen some apps that have two security mechanisms: A digital ID (4-6 digit passcode) and TouchID, where the digital ID is optional. I think that would solve this issue nicely since a passcode is clearly a password. The passcode, if enabled, should require a full passphrase if entered wrong after a very short number of tries (like maybe 2 or 3 at the most).

    AgileBits: What are your thoughts on this?

  • Ben
    Ben

    I think we're pretty happy with the options given to balance of security and convenience currently, without high levels of complexity. But we do appreciate the feedback and will certainly take it into consideration as we move forward. :)

    Ben

This discussion has been closed.