The Chaos Computer Club in Germany always recommends not to use biometric identification as a security features (see e.g. hacking the fingerprint Similar hacks are known for face recognition etc. Thus I am convinced not to use such authentication methods.
Now my questions:
From my point of view this feature is heavily compromising security in favour of usability (even when considering, that you provide options to enforce the Master-Password to login: it feels strange that there is a simple way of accessing my most precious data). Does this reflect the general strategy at 1Password? And if yes, why was this decision made?
I read multiple times, that the Master-Password ist not stored anywhere, but together with the Secure-key it forms the decryption key of the 1Password data. If the password is not stored, how is it possible to decrypt the data file with Touch-ID?
Thanks for your help;-)
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:touch id