Enable pin unlock on touch id capable devices.

jnmorganjnmorgan
edited July 2016 in iOS

My touch ID doesn't work consistently on my iPhone, but I would still like to be able to quickly unlock my vault. Please enable pin unlock on touch ID capable devices. Pin unlock is wonderful on my other devices.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:pin unlock

Comments

  • brentybrenty

    AgileBits Team Member

    @jnmorgan: I'm sorry to hear that your Touch ID doesn't work correctly! Perhaps that's something Apple could help with. We can consider making a PIN an option on Touch ID devices in the future...but I'm not sure that's useful for others not in your unfortunate situation. :(

  • benfdcbenfdc Perspective Giving Member
    edited May 18

    The feature would be useful for others who ARE in @jnmorgan's unfortunate situation. Like, for example, my father.

    It's also a feature that ANY security-conscious user might want to activate at, e.g., airports. And let me generalize this. For most users in most circumstances, Touch ID is more secure than a PIN. But not all users and all circumstances. It all depends on the threat model, and the threat model can change depending on the situation.

    What exactly is the problem with offering users this option?

    I actually think there ought to be a third option, and it shouldn't be hard to implement. There are times when 1Password prompts me for my master password but there is a fingerprint icon that i can press to use Touch ID instead. If the user has set a PIN, [optionally] put a PINpad icon there as well. Easy-peasy, no?

  • wkleemwkleem
    edited May 18

    Doesn't 1Password already ask for the Master Password with TouchID enabled after a set number of days? Perhaps the x (time allowed) can be configurable?

  • BenBen AWS Team

    AgileBits Team Member

    It is unlikely that we'll offer a PIN option on Touch ID enabled devices.

    What exactly is the problem with offering users this option?

    Complexity. More options makes for more places for things to go wrong, more edge cases, more support, more documentation, and a less manageable code base. That isn't to say that options are always a bad thing, but it is important that they are carefully scrutinized. This thread was started back in July 2016, and you can see how much demand for this there has been.

    Just one thing to think about:
    What happens when someone makes a backup from after we (theoretically) add this option, then restores it to a device with a version of 1Password older than the option? We already occasionally run into a problem like this when people restore a backup of a PIN protected 1Password file onto a Touch ID enabled device.

    I actually think there ought to be a third option, and it shouldn't be hard to implement.

    Difficulty to implement isn't the only factor to consider.

    There are times when 1Password prompts me for my master password but there is a fingerprint icon that i can press to use Touch ID instead.

    This should happen when your device reboots if you've selected "never" for 1Password > Settings > Advanced > Security > Require Master Password (the default).

    If the user has set a PIN, [optionally] put a PINpad icon there as well. Easy-peasy, no?

    I'm not a developer so I don't presume to know how easy or difficult their jobs are. ;) But I can say that there as been resistance to adding additional complexity to the lock/unlock system.

    Likewise I'm not a mechanic so I never assume their jobs are easy. Changing a spark plug seems like it should be an easy task, until you consider you may have to tear half the engine apart to get at it. ;)

    Doesn't 1Password already ask for the Master Password with TouchID enabled after a set number of days? Perhaps the x (time allowed) can be configurable?

    It is. The path to the setting is outlined above.

    I understand that it is frustrating when developers don't add features you've requested, especially when they seem easy to implement. But we have to look at the big picture too, and see if what is being requested fits.

    Ben

  • So 1Password is designed to house everyones passwords and information in one database requiring one password to access it all...hence the name 1Password. So here are my quick thoughts. When using the fingerprint to log in, someone could simply place your thumb on your phone and log into the app and gain access to EVERYTHING. Such as crazy girlfriends or whatever it may be. I have a simple request, add an option in the settings where once I place my finger on the fingerprint scanner, a 4-digit required pin pops up so i can quickly put that in. It's faster than having to type in my lengthy master password, which i feel more secure doing but it takes more time. whereas i can use my fingerprint then quickly enter that 4-digit pin and not have to worry about someone getting access to everything with just my fingerprint.
    Thank you


    1Password Version: Not Provided
    Extension Version: Not Provided
    OS Version: Not Provided
    Sync Type: Not Provided

  • Drew_AGDrew_AG

    AgileBits Team Member

    Hi @hancawk,

    I hope you don't mind, but I've merged your post with another forum thread about the same topic.

    Thanks for taking the time to send us your request! We don't have current plans to add a PIN code option on devices with Touch ID, but it's an interesting idea. For some more information about this, please take a look at the other posts in this discussion (especially Ben's reply above).

    We appreciate your feedback, so if you have more suggestions (or questions, or need help with 1Password), please don't hesitate to let us know. Have a great weekend! :)

  • Well yeah kinda I wanted my own discussion about it because it a GREAT idea. Why wouldn't you add it? Does no one think that someone can easily place your thumb on the touchID in your sleep and suddenly gain access to EVERYTHING? Shouldn't this app protect yourself from friends and family and anyone else.

  • You need to be considering ALL possibilities if you want to be the worlds leadig password vault app and if you want to ensure security for all its users.

  • Drew_AGDrew_AG

    AgileBits Team Member

    Hi @hancawk,

    I wanted my own discussion about it because it a GREAT idea.

    It sounds like you saw this existing discussion before opening a new thread? There's really no need to have a separate discussion about this since there was a recent thread about the exact same topic. We'll see your post either way. ;)

    Why wouldn't you add it?

    Did you read Ben's post from yesterday? I think that should help to answer your question. We're not saying we'll never add a PIN code option on Touch ID devices, but we don't currently have plans to do that, and Ben's response goes into more detail to explain why.

    I'm sorry that's not the answer you want to hear! Please let us know if you need anything else or have more questions about that. Cheers! :)

  • Just saying it probably should have been incorporated a long time ago into the app and am confused as to why it is even a topic for debate. But hey I don't work there and don't know what's going on. I'm not the only one who thinks it's a good idea

  • Drew_AGDrew_AG

    AgileBits Team Member

    Hi @hancawk,

    There doesn't seem to be much demand for this, but you're right - there are definitely other customers who are interested and think it's a good idea. At the very least, there are a couple who also requested it earlier in this discussion (although I'm sure there are others).

    But even if you and other customers think it's a good idea, that doesn't mean we'll add it. We receive a lot of different feature requests from customers every day, and those features are all really important to the people who request them. And even though we truly want to make our customers happy, the reality is that we can't add all of the features they ask for, regardless of how good an idea it might be or how long they've been requesting it. As Ben mentioned, there are a lot of factors to consider.

    Now, I know you consider this to be a security issue because it's possible for someone to put your thumb on the fingerprint scanner while you're asleep. If that's a concern for you, I highly recommend turning off the Touch ID option so your master password will be required to unlock 1Password. It takes more time to type your master password of course, but that's an issue of convenience, not one of security.

    Also, if you're worried about someone using your fingerprint while you're asleep, iOS gives you the option to use a PIN code to unlock your device instead of Touch ID. In the Settings app, go to Touch ID & Passcode and turn off the option for iPhone Unlock. You can still choose to unlock the 1Password app with Touch ID, but unlocking the phone will require a PIN code, so no one will be able to unlock your phone or 1Password while you're sleeping.

    Again, we really appreciate you sharing your thoughts with us. Have a great weekend! :)

Sign In or Register to comment.