Provide Option for PIN Lock on iOS

RobTX
RobTX
Community Member
in iOS

I don't often use TouchID for security reasons and prefer to set a 4-6 digit PIN. I am able to use either on LastPass. Any plans to provide this option on the iOS client? Thanks.

1Password Version: 6.54
Extension Version: Not Provided
OS Version: iOS 10
Sync Type: iCloud

Comments

  • Ben
    Ben

    Hi @RobTX,

    Thanks for taking the time to write in!

    Touch ID is much more secure than a 4 digit PIN. We do not have any plans to enable PIN unlocking of 1Password on Touch ID enabled devices. Sorry. :(

    That said, if you prefer to not use Touch ID at all, and want to use a PIN for 1Password, if you disable Touch ID altogether on the device 1Password will allow a 4 digit PIN instead. I would not recommend this, though.

    Thanks.

    Ben

  • RobTX
    RobTX
    Community Member
    edited April 2017

    Thanks. In my view it is much easier for someone to force their way into your iPhone by holding your finger against the reader than get you to divulge a PIN. Of course, if someone is holding a gun to your head, all bets are off. :p

  • Ben
    Ben

    Obviously the most secure method is to use a strong Master Password and only unlock using that, but that isn't super convenient of course.

    Your point reminds me of this most excellent xkcd comic strip:

    ;)

    Ben

  • alexelcu
    alexelcu
    Community Member
    edited May 2017

    Fingerprint sensors are inherently insecure, not only because you can be forced to provide your fingerprint (and law enforcement probably has it already), but see for example this recent story: https://www.nytimes.com/2017/04/10/technology/fingerprint-security-smartphones-apple-google-samsung.html

    I'm actually disappointed to see that 4 digit PINs are considered more insecure than Touch ID by 1Password. If that PIN would lock the app after a failed attempt, then the theoretical probability of getting it right that one time is 1 / 10000, assuming no exploitable problems in the software (which can happen with Touch ID as well) or detectable bias in picking those digits.

    Also, I wish people would stop linking that comic to make a point, e.g. US border patrol won't hit you with a $5 wrench without risking an international conflict or (for US citizens) being accused of violating their own Fifth amendment.

  • Ben
    Ben
    edited May 2017

    Fingerprint sensors are inherently insecure

    I'd argue 4-digit PINs are too. ;)

    If that PIN would lock the app after a failed attempt, then the theoretical probability of getting it right that one time is 1 / 10000

    I'm not sure I follow. You're suggesting only allowing one PIN entry attempt before going nuclear?

    e.g. US border patrol

    US border patrol isn't the only consideration.

    being accused of violating their own Fifth amendment.

    I've seen it argued that the fifth amendment doesn't apply at the border. But in any event, as I mentioned, US border patrol is not the only concern.

    You're right: they probably aren't going to hit you with a wrench. But they may hold you indefinitely without trial until you give it up.

    Thanks.

    Ben

This discussion has been closed.