Request Feature: Use Touch ID/Face ID on iPhone to unlock 1Password on macOS.

Typical User
Community Member

It would be highly desirable to be able to authenticate oneself to 1Password on the Mac using the Touch ID sensor on the iPhone, since virtually every time I open the 1Password window on the Mac, I have to [re-]enter the password.

I can authenticate myself to Apple Pay via Safari on macOS with Touch ID, when my iPhone 8 Plus is nearby, so I wonder if Apple provides any way at all for the 1Password iOS app to proxy the Touch ID authentication to your macOS app. I suspect that many who spend a significant amount of time at their computer and own an iPhone (or iPad) generally prefer to keep the iOS device charging nearby, to preserve battery life.

I don't know if Apple provides an API for this kind of inter-device Touch ID authentication, but it seems like, if it isn't available yet, it will be, and Apple should be persuaded to provide a mechanism to do it. Alternatively to an explicit API on the Mac to handle it, maybe it is possible to use the LocalAuthentication framework with a background 1Password app to proxy authentication to your macOS app? I know there is a PAM module that allows some kind of Touch ID/Face ID (e.g. biometrics) authentication for sudo, so I am hopeful there is some way for you to facilitate it.

I believe it would be a wildly popular feature and something you could heavily tout in future release notes, if you could pull it off.



Comments

  • Lars
    1Password Alumni
    edited February 2018

    @Typical User - I had to smile a bit as I read your post, since I don't think things like "LocalAuthentication framework" are areas of knowledge for the actual typical user. ;)

    However, your point is well-taken, and you're not the first person to ask/wish for something like this. The problem, as you suspected, is that Apple has not made such APIs available to us developers yet, and although your guess was that they soon would, I'm not that certain, myself. Apple is famously close-lipped when it comes to when (or even IF) you'll see such things, preferring to just drop them on the public (and that includes us) in fully-developed form, usually, so who knows? But I tend to suspect the fact that they haven't made it available yet may mean they're not planning to do so.

    Unfortunately, with that being the case for now and the foreseeable future, we've found no way to do this without using Apple's APIs that isn't too insecure for our purposes. The same is true of people who want to unlock 1Password on their Mac with their Apple Watch: it would involve having to store your Master Password somewhere, and that's just not something we're willing to do. I'm not saying you'll never see such a thing; if Apple hands us the APIs, I suspect we'd jump on it. And if another, more-secure way to accomplish it ourselves without the benefit of Apple's APIs becomes available, I suspect we'd jump on that as well. As it stands right now, however, this one remains in the "that'd be nice, someday" category. :|

    However, we really appreciate you taking the time to make your wishes known, and we'll certainly be shouting it from the rooftops if such a thing becomes a reality. Thanks!

  • nikisweeting
    Community Member

    Isn't it possible to store the master password, or an equivalent temporary access key of some sort on the iPhone's secure enclave?

    "Your Master Password is stored securely
    When you enable Touch ID, 1Password stores in the iOS Keychain an obfuscated version of a secret that is equivalent to your Master Password. The secret is used to unlock 1Password when your fingerprint is recognized."

    https://support.1password.com/touch-id-security-ios/

    Since it looks like iOS is storing decryption keys already, can a similar procedure store a secret for the desktop app, then send an encrypted/obfuscated + hmac'd version to the desktop device when a fingerprint matches? I assume there are some hidden challenges there like desktop/mobile pairing and figuring out a safe way to send keys over the network... what are the biggest blockers right now?
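
The release-on-fingerprint exchange asked about in the post above, as an added sketch that is not part of the thread and not 1Password's code: the phone stores a secret equivalent to the Master Password (the storage concern raised earlier in the thread) and releases it, encrypted then HMAC'd, against a single-use desktop challenge. The `Phone` and `Desktop` classes, the pre-shared `pairing_key`, the `biometric_ok` flag and the HMAC keystream (a stand-in for a vetted AEAD) are all assumptions.

```python
import hashlib, hmac, secrets

def _hm(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 counter-mode keystream; stand-in for a vetted AEAD such as AES-GCM.
    ks = b"".join(_hm(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

class Phone:
    """Hypothetical phone side: stores the secret, releases it per challenge."""
    def __init__(self, pairing_key: bytes, unlock_secret: bytes):
        self.enc_key, self.mac_key = _hm(pairing_key, b"enc"), _hm(pairing_key, b"mac")
        self.unlock_secret = unlock_secret  # Master Password equivalent kept on the phone

    def release(self, challenge: bytes, biometric_ok: bool):
        if not biometric_ok:  # assumption: result of the OS biometric prompt
            return None
        nonce = challenge + secrets.token_bytes(16)  # binds the reply to this challenge
        ct = _xor_stream(self.enc_key, nonce, self.unlock_secret)
        return nonce, ct, _hm(self.mac_key, nonce + ct)  # encrypt-then-MAC

class Desktop:
    """Hypothetical desktop side: single-use challenges, verify before decrypting."""
    def __init__(self, pairing_key: bytes):
        self.enc_key, self.mac_key = _hm(pairing_key, b"enc"), _hm(pairing_key, b"mac")
        self.pending = None

    def new_challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def accept(self, nonce: bytes, ct: bytes, tag: bytes):
        challenge, self.pending = self.pending, None  # each challenge is valid once
        if challenge is None or len(nonce) != 32 or not nonce.startswith(challenge):
            return None  # replayed, unsolicited, or malformed response
        if not hmac.compare_digest(tag, _hm(self.mac_key, nonce + ct)):
            return None  # tampered message or wrong pairing key
        return _xor_stream(self.enc_key, nonce, ct)
```

The sketch leaves pairing (how both sides obtain `pairing_key`) and the transport out of scope, which are the open challenges the post itself names.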

  • The biggest blocker is available time.

    Ben

  • pixelmachine
    Community Member

    That's a very flippant response to a detailed question. Don't you think?

  • Lars
    1Password Alumni

    @pixelmachine - not really, no. We've got a long list of things we'd like to do with 1Password, and an even longer one of things customers request from us. Some of those we can tell are no-go from the start, but even among the ones we could do, the biggest factor available is the number of developer hours in a week. Then there are other considerations such as: how many people want this feature? How many users would it affect? Are there any security considerations? What else do we have on our plate that would have to wait if we worked on this instead? Do WE think this is a good idea...and numerous other considerations. It's definitely not an exact science, but one thing that's certain is that there are always more things to do than there are hours in the week. So the biggest blocker to most things really is available time.

  • pixelmachine
    Community Member

    Don't get me wrong, I know the answer is honest and priorities are priorities; however, the thread was:
    Q. Can you do something using [detailed technique]
    A. We'd love to but can't yet [detailed explanation] as soon as it's possible we hopefully will
    Q. How about this [detailed technique] then?
    A. Don't have time

    I had been wondering for ages if something like this were possible as opening 1P repeatedly each day really is a bit of a chore. I finally remembered to look it up and just found this thread a little... sad.

    Anyway, I have no idea why I got involved, 1Password is wonderful, you're all wonderful and the internet needs less conflict. So have a lovely day.

  • "That's a very flippant response to a detailed question. Don't you think?"

    It wasn't intended to be. I tend to be fairly brief and direct in my answers, in contrast to Lars who tends to elaborate a bit more. Just a different approach. I don't think one is right and the other is wrong. Folks tend to appreciate one or the other. :) I was asked "what are the biggest blockers right now," so I answered: time. And that answer is still the case today.

    "A. We'd love to but can't yet [detailed explanation] as soon as it's possible we hopefully will"

    "A. Don't have time"

    These are the same answer phrased differently. No disrespect was intended, I was just trying to get the point across.

    "So have a lovely day."

    You as well.

    Ben

This discussion has been closed.