Fingerprint not recognized on iPhone. Want to use pin code
I am a longtime 1PW user and am helping several friends install and use it. One person has reverted to using simple passwords because she has to use the master password every time she needs to access 1PW on her iOS device. Her fingerprints are hard to read. I can't find a way to activate a pin code. I think I might have read that on devices with Touch ID, there is no option to have a pin code. In this case, how can a person use 1PW on an iPhone if the device can't read her fingerprint. Putting in the master password each time has been such a deterrent that she is now not using the power of 1PW. I'm not sure of the additional info you ask for below. However, I know she has a newer iPhone and also uses a series 3 iWatch.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:How do I send a question to you on this forum
Comments
-
@mail_ronandclaudia: Thanks for getting in touch! If fingerprints are an issue, they may want to disable Touch ID on the device itself. In that case 1Password will offer a PIN option in Settings > Security. Otherwise, even with Touch ID available, you can explicitly enable the PIN option in Settings > Advanced > Security. I hope this helps. Be sure to let me know if you have any other questions! :)
0 -
I have been finding Touch ID unreliable in recent months which is frustrating since I have to enter a 30 character passphrase (with interspersed symbols) which is laborious. I just tried the PIN code option which requires disabling Touch ID in the 1Password app (so you can't use both, e.g. Touch ID with fallback to PIN code, which actually might be a security feature -- see my later comments below). What I have learned about the PIN code is that it is 4 digits long and can only be attempted once before falling back on passphrase.
Question: I would like to know if the PIN is stored in the secure enclave, but I guess it wouldn't matter too much unless someone can live dump iPhone memory while it is running using the lightning port.
I also want to comment on the security of biometrics versus PIN code.
Personally I think using a PIN code is much safer than Touch ID. I do think it would be better to extend the number of digits of the PIN code or offer a secondary password (with the same one chance authentication limit). My understanding in some legal jurisdictions the police can compel you to enter your biometrics to access your phone, but cannot with a knowledge based authenticator as that might be self-incrimination. I'm not a lawyer, so I can't guarantee this is the case, but in some situations the PIN code can be better off. The other situation is if you're incapacitated or deceased, in which case biometrics can still work, whereas a PIN code cannot be viably extracted.
Anyway, just my thoughts on the issue. I'm really glad this feature is available.
0 -
Hi @snappy,
Question: I would like to know if the PIN is stored in the secure enclave, but I guess it wouldn't matter too much unless someone can live dump iPhone memory while it is running using the lightning port.
If this is anything like TouchID, then the PIN is not stored, and is only used to actually decrypt your data, until the next time you need to unlock the app.
I have been finding Touch ID unreliable in recent months
Can you please clarify what you mean by "unreliable"? I would like to see if we can make this work flawlessly for you, because reverting to a PIN to unlock your data is not the best option if you can indeed use TouchID.
0 -
Can you please clarify what you mean by "unreliable"? I would like to see if we can make this work flawlessly for you, because reverting to a PIN to unlock your data is not the best option if you can indeed use TouchID.
It appears the iPhone 6s/iOS is unreliable with fingerprints. Enrolling multiple fingerprints make it worse. There are times when I reset and enroll a fingerprint and it works well consistently for a few weeks, and then it gets to a point where it stops working. In any case, I'm quite satisfied with the PIN lock and for the reasons I gave earlier, much prefer it from a security & privacy standpoint. An adversary only has one opportunity to get the PIN code correct which is a knowledge based authenticator. I'd rather not allow my password database be vulnerable to unauthorised biometric authentication in the case I was incapacitated or deceased.
0