iOS PIN Security

suffice
Community Member

I have meticulously read through discussion 98376/Pin Security (now closed), along with a couple of other posts, which is all I could find, but I am still having trouble understanding what is being said. The most recent posts were from 2018 and before.

Has anything changed since then?

I am out-of-trial and happily have a 1Password account. But I am not, yet, using 1Password.

Backing up for a minute, I understand that iOS is a walled garden [I'm guessing Android phones use a simple 1Password PIN (QUC) solution]. AgileBits has masterfully leveraged Apple's iOS Keychain so as to offer a PIN code for iOS 1Password users who do not wish to key in a strong Master Password each time they open the app. My household will not use 1Password unless/until I create a PIN code.

I do not wish to delve further into iOS PIN security details.

OTOH, what I would kindly prefer (if reasonable and sensible, of course) :)

Can anyone on the AG Team confirm, maybe with something like this:

"Yes, I know of one or more Team members that use iOS PIN codes on their personal 1Password accounts".

At this point, if 1Password Team member(s) are knowledgeably and confidently using the iOS Keychain PIN code, I will choose to trust that it is (completely? sufficiently?) safe to use and move on.

Thank you.

Comments

  • ag_ana
    1Password Alumni

    Hi @suffice!

    > AgileBits has masterfully leveraged Apple's iOS Keychain so as to offer a PIN code for iOS 1Password users who do not wish to key in a strong Master Password each time they open the app. My household will not use 1Password unless/until I create a PIN code.

    Is there any reason why your household would not simply use Touch ID or Face ID to unlock 1Password instead?

    About Touch ID security in 1Password for iOS

    In addition to being secure, it would be even quicker than entering a PIN code, if the goal is to unlock 1Password quickly (which sounds like the reason you are asking this).

  • suffice
    Community Member
    edited December 2021

    Thank you @ag_ana, for your response and on-point suggestion. A very helpful article, too. Secure, Simple, Easy.

    Though the risks are small and the advantages are big, it comes down to a firm reluctance toward biometrics. But then there are potential risks of jailbreaking and with PINs, too. The list goes on.

    Obviously, this is all at the subjective and personal level. Just wanted to think out loud a bit, and with others' input, hone my chosen solution.

    For now, I am re-visiting the use of random memorable 1Password Master Password (including the associated large-size hash). JGoldberg has so expertly written about this, along with his Password-Cracking challenge assessment and results. I have gone back-and-forth for a long time on this topic of passwords and entropy. Maybe this time I can internalize 'random memorable' for myself, and then convince other family as well.

    Also, I think it would be nice to see an Auto-Lock option of 4 hours.

  • ag_ana
    1Password Alumni

    @suffice:

    > For now, I am re-visiting the use of random memorable 1Password Master Password (including the associated large-size hash)

    For what it's worth, this is what I am using too :+1:

    > Also, I think it would be nice to see an Auto-Lock option of 4 hours.

    Noted, thank you for the feedback!

  • suffice
    Community Member

    @ag_ana:

    It is worth it. Thanks for mentioning that!

    I need to focus more on the large hash, which I tend to forget.

  • ag_ana
    1Password Alumni

    @suffice:

    Since we are on the topic, this article might also be useful:

    How to choose a good 1Password account password

  • maver1ck
    Community Member

    @ag_ana
    Is there any similar thread about the macOS app and Touch ID?
    If yes, I have a use case: using a MacBook with a docking station with the screen closed.

  • Hi @maver1ck:

    Currently the only alternative unlock methods we offer for 1Password for Mac are Touch ID or Apple Watch unlock. If you'd like to see the specifics of how the security of that works, you can find more details here: About the security of using Touch ID or Apple Watch to unlock 1Password for Mac

    Let me know if that helps, or if you still have questions!

    Jack

  • maver1ck
    Community Member

    I don't have an Apple Watch, and when using my MacBook with a docking station I'm not able to use Touch ID.
    So the only solution is to change the auto-lock option (not so secure).

  • Apple does now offer a keyboard to help with that use-case, if you have a compatible MacBook:

    https://www.apple.com/us/search/Magic+Keyboard+with+Touch+ID+for+Mac+models+with+Apple+silicon?src=globalnav

    For what it's worth. 😊

    Ben

  • alexiaa
    Community Member

    > But then there are potential risks of jailbreaking

    A jailbreak cannot bypass biometric authentication in 1Password, as it decrypts the token from the iOS keychain rather than using a simple boolean check.

This discussion has been closed.