Security Regressions in 1Password 8 for iOS

steven1 (Community Member)
  1. First off, I want to echo the frustrations voiced by many on losing control of when to require the master password to be input, whether it be "Never" or, as 1p7 allowed, 1 hr, 1 day, ..., "After Device Restart".
    It is this last one ("After Device Restart") that I miss the most. I want to be sure that if I turn off the phone, the master password will be required the next time.

  2. What's worse? Unlike what the moderators are saying, on iOS on my phone, Face ID always remains available, regardless of the number of incorrect tries.
    You can try this on your phone: close your eyes and try to unlock with Face ID. After a couple of attempts, it gives you the option to enter the master password, but the invoke Face ID button remains on the right, and you can click it and try again, and again, and again...
    At least on the Mac 1p8, it does indeed force you to enter the master password after a couple of incorrect TouchID attempts.
    This is a horrible situation for people that may be in vulnerable positions, with someone trying an unlimited number of attempts to unlock your 1pW.

Please tell me you know about this and are fixing it!

Oh, and please sync last unlock (agree with others that being forced to unexpectedly enter the password in strange locations is not good) across devices, and please please bring back the option to require master password After Device Restart.


1Password Version: 8.9.0
Extension Version: Not Provided
OS Version: iOS 15.6
Browser: Not Provided

Comments

  • asking_questions (Community Member)

    Agree with both points!

  • steven1 (Community Member)

    If you care about your security posture, delete 1pw8 immediately and use 1p7 until this is fixed. The radio silence on many of these critical issues points to 'we don't really care about you users anymore'.
    Sigh.

  • mburnett (Community Member)

    +1000000

  • agheaG8a (Community Member)

    Please bring back the options to allow users to:

    • set when to require the master password to be re-entered (why is this hardcoded to two weeks in 1p8?)
    • force lock the app manually, which should require the master password to unlock (just like the behaviour in 1p7)

    Those two features were present in 1p7, but not having them in v8 feels like a major security oversight.

  • Hi @steven1 / @AMonitorDarkly / @asking_questions / @agheaG8a:

    Thanks for bringing this up. Face ID can tell the difference between a "bad read", "no face found", and "definitely the wrong face", and we differentiate between them now in 1Password 8, which we didn't do in 1Password 7. If Face ID is getting "bad read" or "no face found", Face ID allows more attempts. This would explain why closing your eyes or pointing your phone at the ceiling allows multiple attempts. If a face is seen by Face ID that it's confident isn't the registered face, at that point you'll be limited to a handful of attempts to use Face ID before your account password is required.

    As for controlling when you need to enter your account password, or manually locking 1Password and having that require your account password, not just Face ID or Touch ID, we're continuing to discuss that internally, but I don't have anything to share just yet.

    Jack

  • steven1 (Community Member)

    > Face ID can tell the difference between a "bad read", "no face found", and "definitely the wrong face", and we differentiate between them now in 1Password 8, which we didn't do in 1Password 7.

    This is horrible. This means a roommate, partner, illegal LE search, thugs, etc. can keep trying to unlock 1pW without your consent, but against your face.

    For an app that contains all your secrets, this is horrible. Combined with taking away all options to force a password entry (e.g. After Device Restart), you have made it super easy for others to get into your 1pW. I hope I am wrong, but perhaps that was your intent anyway.

    I hope you change your stance and reconsider this behaviour.

  • bm206 (Community Member)

    After failing with Face ID, why doesn't the iOS PIN prompt pop up, as it does when I want to unlock my iPhone? This was the behavior with 1PW7 in iOS autofill.

  • Scott2 (Community Member)

    FWIW, if coming under duress you can force iOS to require your PIN one time by clicking the power button 5 times quickly.

    I'm glad 1Password can now distinguish between different "faces" and react accordingly but I'd still like to have a max attempts limit and be able to set a timeout duration (1 day, 1 week, after restart, etc).
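    Jack's reply above describes a lock that counts only confident mismatches toward the biometric attempt limit, and several posters ask for a cap on total attempts, a configurable re-authentication interval, a password requirement after device restart, and a manual lock that forces the password. The following is an added example that models such a policy as a small state machine; it is not 1Password's code and does not use any iOS API. The failure classes, the limits in LockPolicy, the constructed boot ids and the timestamps are assumptions chosen for illustration.

```python
"""Model of a vault auto-lock policy that distinguishes biometric failure kinds.

Constructed example, not 1Password's implementation. Boot ids, timestamps and
the limits in LockPolicy are assumed values.
"""
from dataclasses import dataclass
from enum import Enum, auto


class BioResult(Enum):
    MATCH = auto()       # sensor is confident the enrolled user is present
    BAD_READ = auto()    # unusable sample (eyes closed, glare, ...)
    NO_FACE = auto()     # nothing recognisable in front of the sensor
    WRONG_FACE = auto()  # sensor is confident this is NOT the enrolled user


@dataclass
class LockPolicy:
    max_wrong_attempts: int = 3        # confident mismatches before the password is forced
    max_biometric_attempts: int = 8    # hard cap that counts bad reads and no-face too
    reauth_after_seconds: int = 24 * 3600  # password required this long after last password unlock
    require_password_after_restart: bool = True


class VaultLock:
    def __init__(self, policy: LockPolicy, boot_id: str, now: float):
        self.policy = policy
        # Boot id and time of the last successful *password* unlock; biometric
        # unlocks deliberately do not extend either of them.
        self.boot_id_at_unlock = boot_id
        self.last_password_unlock = now
        self.wrong_attempts = 0
        self.total_attempts = 0
        self.password_required = False
        self.unlocked = False

    def _expiry_reason(self, now: float, boot_id: str):
        """Why biometrics are no longer acceptable, or None if they still are."""
        if self.policy.require_password_after_restart and boot_id != self.boot_id_at_unlock:
            return "device restarted"
        if now - self.last_password_unlock > self.policy.reauth_after_seconds:
            return "reauth interval elapsed"
        return None

    def biometric_allowed(self, now: float, boot_id: str) -> bool:
        return not self.password_required and self._expiry_reason(now, boot_id) is None

    def try_biometric(self, result: BioResult, now: float, boot_id: str) -> str:
        """Returns 'unlocked', 'retry' or 'password_required'."""
        if not self.biometric_allowed(now, boot_id):
            self.password_required = True   # latch: only the password clears this
            return "password_required"
        self.total_attempts += 1
        if result is BioResult.MATCH:
            self.unlocked = True
            self.wrong_attempts = 0
            self.total_attempts = 0
            return "unlocked"
        if result is BioResult.WRONG_FACE:
            self.wrong_attempts += 1   # bad reads and no-face do not count here
        if (self.wrong_attempts >= self.policy.max_wrong_attempts
                or self.total_attempts >= self.policy.max_biometric_attempts):
            self.password_required = True
            return "password_required"
        return "retry"

    def unlock_with_password(self, password_ok: bool, now: float, boot_id: str) -> bool:
        """A correct password clears the latch and restarts the reauth clock."""
        if not password_ok:
            return False
        self.last_password_unlock = now
        self.boot_id_at_unlock = boot_id
        self.wrong_attempts = 0
        self.total_attempts = 0
        self.password_required = False
        self.unlocked = True
        return True

    def manual_lock(self) -> None:
        """User-initiated lock: the next unlock must use the password."""
        self.unlocked = False
        self.password_required = True


if __name__ == "__main__":
    v = VaultLock(LockPolicy(), "boot-A", now=1000.0)
    for r in (BioResult.NO_FACE, BioResult.WRONG_FACE, BioResult.WRONG_FACE, BioResult.WRONG_FACE):
        print(r.name, "->", v.try_biometric(r, 1001.0, "boot-A"))
    print("after restart ->", v.try_biometric(BioResult.MATCH, 1002.0, "boot-B"))
```

The two counters are the point: `wrong_attempts` implements the behaviour Jack describes (only confident mismatches count), while `max_biometric_attempts` adds the overall cap the thread asks for, so a sensor that keeps reporting "no face" cannot be retried forever. The restart and interval checks compare against the last password unlock, not the last biometric unlock, which is what makes an "After Device Restart" option meaningful.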

  • steven1 (Community Member)

    > FWIW, if coming under duress you can force iOS to require your PIN one time by clicking the power button 5 times quickly.

    Yes, some OS level protections can be invoked, but not if you are sleeping, restrained, etc.

    A lot of corporations use 1PW now, and I can see a corporate breach coming from an employee's phone being unlocked after a sales event party, lol.

    In all seriousness, if the main phone lock FaceID is what we are falling back to, why even require FaceID to open 1PW at all? I have encountered exactly ZERO other apps doing this, and for my password manager to do this is scary.

    I have reverted back to 1p7 with AutoUpdates disabled for now, in case they decide to add this 'feature' to 1p7 as well.

  • Ben

    > why even require FaceID to open 1PW at all?

    Hey @steven1

    I'm not entirely sure I'm correctly interpreting what you're saying, but Face ID is optional and can be turned off in 1Password's settings. 1Password > Settings > Security > Face ID. If I've misunderstood, could you please rephrase? Thanks!

    Ben

  • steven1 (Community Member, edited August 2022)

    Hi Ben,

    Yes, of course I know I can turn it off. You could probably guess what I meant, but I typed a little too fast there. I meant:

    In all seriousness, if the main phone lock FaceID is what we are falling back to, why even bother offering the option of FaceID to open 1PW at all?

    To be clear, I said this in the context of the suggestion that under duress I could invoke iOS's emergency lock feature via 5 fast clicks of the side button, or a long press of the side and volume buttons. My point there was that if that is what we are reliant on, then why bother offering FaceID for 1Pw at all.

  • donpeppi (Community Member)

    I also miss the function to choose how often it asks for the Master Password.

  • Kawarung (Community Member)

    Fully agree on both points from OP. Please fix/bring back those features!

This discussion has been closed.