I want „two factor authentication“ for 1PW on my phone!

Chris90
Chris90
Community Member

I use 1Pw on my phone for many years.
Since Touch ID, 1PW become muche easier to use it on my iPhone, as I use long 12 Digit 1PW Masterpassword.
Because Touch ID is so easi to use, i now become accious, some one could acces my 1PW iPhone an open it just with my finger, wail I am asleep, nokout, drunk...
That for, I realy like to see is a optional „two factor authentication“ to open 1PW on some of my Phones, or to make all, or sertain, passwords visible with in 1PW.
According to Stiftung Warentest at
https://www.test.de/Passwortmanager-im-Test-Vier-von-neun-sind-empfehlenswert-5231532-0/
a well nown europen consumer protectition agencie and funded only by governament, 1PW is missing this important feture, in oposit to many other password manager apps.
This was the reason, 1PW was rated „mediocer“, in opposit to LastPass (rated „very god security concept“)

My sugjetion is that, in adition to TouchID, you add the optional nessesity to use a Password to open 1PW or just to make visible some or all passwords with in 1PW.

sorry for my bad english..
Chris


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • XIII
    XIII
    Community Member

    Seems like an unfair comparison, since for me the option use a "PINcode" is disabled in LastPass for iOS when Touch ID is enabled.

  • Lars
    Lars
    1Password Alumni
    edited October 2017

    @Chris90 - no worries on the English; I'm sure I would be worse if I tried to use your language. ;)

    While I understand your request for two-factor authentication of 1Password, and while 'test.de' are certainly entitled to their opinions, there's a reason 1Password does not use two-factor authentication. You can read about differences between authentication (like 2FA) and encryption here, but just to address a couple of your points: if you are worried people you live with or are comfortable falling asleep in the presence of, will try to steal your data or other personal valuables, then you should not use any method of quick unlock, either for your device itself or (certainly) not for 1Password. This is a matter of you assessing your own threat profile; most people at least trust the ones they live with enough to not fear being robbed if they fall asleep; if that doesn't describe your situation, then I'd be very cautious if I were in your situation. I'd certainly disable TouchID on my device(s) and require the use of your (hopefully long and strong) Master Password.

    Additionally, if you have a 1password.com account, your account is protected with not a second authentication factor, but an actual second encryption factor, by means of the Secret Key.

    Thanks for the suggestion, and for being a 1Password user. Let us know if you have any further questions. :)

  • Chris90
    Chris90
    Community Member

    Dear Lars
    I absolutily trust the peoples I am living with, but as every one else, I am sometimes with people I dont know or in sutuation not completly safe, and as we know, live is full of surprises...
    So befor I change my livestyl, I rather change my password manager!
    There are a few very importaned and higthy confidencial Datas on my 1PW (not all, just a feew) and neither taking them off 1PW nor using only long cryptik Master passwords to open 1PW on my phone
    are an option.

    So that I want is TouchID, to open 1PW and give access to normaly confidential datas and, as an aditional security level, a 2FA of
    p.ex. 4-6 Digit code, to habe acces to a few higthly confidential Datas with in 1PW App.
    This would also raise the security level with in 1PW family or Team, were one never knows, if every one else in the groupe lives with trustabel compagnones oder uses safe 1PW Master password.

  • AlwaysSortaCurious
    AlwaysSortaCurious
    Community Member

    The same person who forces you to use your finger can force you to reveal your pin code. If you refuse to share your pin, then you can refuse your master password. No?

  • Chris90
    Chris90
    Community Member

    it will take a long time to the person who forced me to open 1PW with my finger to realyse, that the most confidential datas are secured with an aditional password.

  • Chris90
    Chris90
    Community Member

    the idea is, that the 2FA apeares only, when you want to acces a password in an object secured with 2FA.
    So a hostil person, having acces to your 1PW, only realsys that ther is a 2FA second security level, when he wants to see a particular password in an object.
    So, if you give „neutral“ name to your most imporant objects, the hostil person will have to check your 50-150 objects in 1PW, befor realising that there is need for a 2FA password.
    I realy want to see this, specially with Family and Team!!!

    An other posibility for 2FA could be that an password is asked to show a password in an object, but the password could be overrided by using an other finger on TouchID.

    An other helpfull option could be, longer an longer time between next password tentative an auto deletion (only on the device) after 10 wrong masterpassword, like in iOS.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Chris90: If you're in a situation like that, get help. There is no technological solution to domestic abuse. That's not something anyone should have to put up with. You deserve better.

    With regard to 1Password, we have no plans to do what you're asking. That's not real security; it's security theater. It may very well give some people comfort, but the reality is that, just like crossing borders, if you're in a situation where coercion is a concern, there's no guarantee that the person will take it at face value when they open your fake vault and don't see what they want. Even if you let them into your actual data, in that situation, they don't have to take your word for it.

    I'm sorry I don't have better news for you, but this isn't something to discuss so flippantly. 1Password cannot protect us from those sorts of people. The only solution is to get help, whether from law enforcement or legal professionals, from friends and family and crisis workers, to get out of a dangerous situation and get protection.

This discussion has been closed.