Request password for certain sensitive items when using touchID
I really enjoy the convenience of using Touch ID to unlock 1Password; however, I don't believe Touch ID is as secure as a strong password (there have been several Touch ID hacks). I'm happy to trade the reduced security for 99% of the items in my vault; however, there are a few that I don't want to secure behind Touch ID, e.g. valuable private keys.
Ideally I could mark these items so that 1Password required me to enter my password to view them, so that if my Touch ID were hacked, these items would still be inaccessible without the master password.
I thought that a solution might be to create a separate vault for these items, but the Touch ID option is not configured per vault; it's either on or off for all vaults.
Is there a solution to this issue?
1Password Version: 6.7.1
Extension Version: Not Provided
OS Version: MacOS 10.12.4
Sync Type: Not Provided
Comments
-
Hi @wakamiti,
Thank you for your feedback and feature request! Requiring a master password for only certain individual items isn't currently possible in 1Password, and I'm not sure if it's something we would consider adding, but it's definitely an interesting idea. We actually had something similar to that back in 1Password 3 for iOS, where two passwords were used to encrypt the data: a PIN code could be used to unlock the app, and individual items could be set to require the master password to view them. There were problems with doing it that way, one of which was that many users forgot their master password because they never used it, and ended up losing access to those items which required it.
Thanks again for sharing your idea with us! If you need anything else, we're here for you. :)
0 -
May I add my support to this feature request. It is the one thing keeping me from signing up for 1Password (and I bet there are other potential customers in the same position)... so please tell the developers that there is real revenue behind this feature!
I found users asking for this as far back as 2015, with various slight variations and several different UI suggestions.
Here's the use case:
- we want the convenience and speed of Touch ID for general passwords we use in Safari;
- but we also have a set of more private details (e.g. bank accounts, credit card PINs) for which Touch ID isn't enough security;
- and we will have used a horrible-to-type-on-iPhone password for the latter, so we don't want to type it just for general passwords.
Therefore we need:
- a subset of records (whether that's by record, by vault, or whatever) can be marked as "cannot be unlocked by Touch ID";
- 1Password should, for those records, prompt for the Master Password before revealing the record;
- further records from that subset can also be displayed until after the regular unlock timer has expired.
This does not seem too difficult to implement?
0 -
Thank you for sharing your thoughts about this with us, @anonymouse! If you haven't already done so, please make sure you take a look at my previous post above, as I described a very similar feature we had in the past, and one of the reasons why it didn't work out very well for a lot of customers. Now, that doesn't necessarily mean we'll never look into adding a feature like you've described if we come up with a better way to do it, but it's not something we're currently working on.
Although you may see some of your items as needing less protection than others, we think all of your data should be well-protected, and we wouldn't have added support for Touch ID if we weren't able to do so in a way which meets our high standards for security. If you haven't already seen it, you might be interested in this knowledge base article: About Touch ID security in 1Password for Mac
Of course, the thing about Touch ID is that it's possible for someone to force you to use it without your consent (as mentioned in the above article). If you're concerned about that, we recommend you disable Touch ID.
Thanks again for your feedback! If you have more questions about that or need anything else, just let us know. :)
0 -
Well, I have heard it said that Touch ID is the equivalent of a 5-6 character passcode. Am I going to encrypt my most sensitive things against a five-character passcode? No way.
And I don't accept the argument that "we can't do this because users who don't use their master passcode enough will forget it". There are plenty of ways to cater for that lowest denominator, including labelling the requested option as an advanced option.
In security there is always a balance between convenience and protection. For many of us we need two different balances, for different kinds of data - easy access for some, high security for others. This is the sort of option that could easily be built in per vault in the same way that "share it with my family" is a choice per vault.
0 -
@anonymouse: I'm not sure who you're arguing with exactly. It sounds like you're taking exception to Drew's statement about people forgetting their Master Passwords, but that's not open for argument; it's something we see every day.
The solution is to use a strong Master Password, as that will protect all of your data the way you're describing, without the additional maintenance of trying to determine on a case by case basis which items should require it and mark them as such. Maybe you just have very few items in your 1Password vault, but many users — especially those who've been using 1Password for a good chunk of its decade-long existence — have too many for this to be reasonable.
If you do not feel that Touch ID is secure enough for your needs, that's totally your call, because it's your data. You don't have to use it at all, and by the same logic it would be insufficient for you anyway.
But the real problem with what you're proposing is that it would offer you only a false sense of security, because your Master Password would already have to be in memory if the rest of your vault is unlocked in order to decrypt those "low security" items. So requiring you to use Touch ID or enter your Master Password again would just be smoke and mirrors. That may be what you're looking for, just to deter a casual "attacker" (e.g. a nosy, not malicious, family member or coworker), but that's not the kind of "security" — security theater, really — that we want 1Password to offer.
But as Drew mentioned, it's something we may consider in the future, but only if it's possible to do this without compromising security, especially since it adds a layer of inconvenience by placing an additional administrative burden on the user. And even then, we have to prioritize working on things that offer the most benefit for the greatest number of users; and there just hasn't been much demand for this, even as we removed a similar feature years ago, since it did more harm than good.
0
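As an added illustration (not 1Password's code or design) of the point in the last reply about the Master Password already being in memory: a marked item only genuinely requires the master password if it is encrypted under a key derived from that password and never released by the biometric unlock path; otherwise the prompt is a UI gate, not a cryptographic one. Everything below is constructed: the two-key layout, the PBKDF2/HMAC derivation, and the HMAC-based stand-in cipher (a placeholder for a real AEAD such as AES-GCM).

```python
import hashlib
import hmac
import secrets

# Constructed model: one master password yields two independent keys. The
# "strict" key is only ever derived from the typed password, never cached.

def derive_keys(master_password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Return (vault_key for ordinary items, strict_key for master-only items)."""
    root = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, 100_000, 32)
    return (hmac.new(root, b"vault-items", hashlib.sha256).digest(),
            hmac.new(root, b"master-only-items", hashlib.sha256).digest())

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode as a toy keystream; stand-in for a real cipher.
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered item")  # cryptographic refusal, not a UI check
    return bytes(c ^ s for c, s in zip(ct, _stream(key, nonce, len(ct))))

class Vault:
    def __init__(self, master_password: str):
        self.salt = secrets.token_bytes(16)
        self.items = {}                                   # name -> (master_only, ciphertext)
        self._keys = derive_keys(master_password, self.salt)
    def add(self, name: str, secret: bytes, master_only: bool = False) -> None:
        self.items[name] = (master_only, encrypt(self._keys[1 if master_only else 0], secret))
    def unlock_with_touch_id(self) -> "Session":
        return Session(self, self._keys[0], None)  # biometric path releases only the vault key
    def unlock_with_master_password(self, master_password: str) -> "Session":
        return Session(self, *derive_keys(master_password, self.salt))

class Session:
    def __init__(self, vault: Vault, vault_key: bytes, strict_key):
        self.vault, self.vault_key, self.strict_key = vault, vault_key, strict_key
    def reveal(self, name: str) -> bytes:
        master_only, blob = self.vault.items[name]
        if master_only and self.strict_key is None:
            raise PermissionError("master password required")
        return decrypt(self.strict_key if master_only else self.vault_key, blob)
```

Even if the `master_only` flag were flipped in storage, a Touch ID session holding only `vault_key` still fails the tag check on a strict item, which is what separates this from the "smoke and mirrors" variant.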