1Password 5.1 - no PIN code anymore on 5S / Touch ID only with iOS keychain ?

pbalda
edited October 2014 in iOS

Hi.

I just upgraded to version 5.1 on iPhone 5S.

I don't have an option any more to enable a PIN code setting and the Touch ID setting now explains that my master password would be stored in the iOS keychain if I enable it.

Questions:
1) I really really don't want my master password in the iOS keychain. So I don't have a chance anymore to use Touch ID with 1Password then?

2) I could live with the old PIN code setting, but I can't find it any more in the Settings. Am I missing something?

Regards,
Peter

Comments

  • Megan

    Team Member

    Hi @pbalda,

    1) I really really don't want my master password in the iOS keychain. So I don't have a chance anymore to use Touch ID with 1Password then?

    Please have a read through our CEO's latest blog post: Touching on Security and Convenience. This should explain the situation a bit more clearly. In particular, it is important to note that:

    The iOS Keychain item that contains your Master Password is never synced to other devices or backed up to iTunes or iCloud. It is also aggressively removed from the keychain whenever Touch ID authorization fails or if Touch ID or the device Passcode are disabled.

    2) I could live with the old PIN code setting, but I can't find it any more in the Settings. Am I missing something?

    To avoid making the security settings really confusing, Touch ID enabled devices have the option to add Touch ID, and devices without Touch ID will see an option for the PIN code.

  • @pbalda You're right, the settings have changed - in the details about this update they say they've improved the preferences (by simplifying them it seems).

    Offering the possibility of storing your master password in the iOS keychain seemed to cause a lot of confusion with some users. What I would say is it's stored in a temporary way - it won't ever leave your iPhone and doesn't get saved to your iCloud if you have iCloud syncing of your keychain. It won't get stored as part of an iPhone backup either. The reason for storing it at all was because of how iOS works. On your computer, programs run for as long as you want them to and they can be active in the background thanks to multitasking. iOS is a different beast: not only is any form of background processing quite limited, but iOS can terminate an app at will. So the only way to ensure a PIN or use of Touch ID was reliable was to make use of the keychain (but in a secure and temporary fashion). Otherwise what tended to happen is people would get annoyed when they'd have, say, Touch ID set but then 1Password kept asking them for their master password because it had been terminated.

    As for not having the option of a PIN when you have Touch ID, I'm figuring that's on purpose, but it'll best be confirmed by somebody from AgileBits. You'd probably find if you were to disable Touch ID completely that it would revert to asking for a PIN. You may be of a different opinion, but I'd have thought Touch ID would be preferable to a four digit PIN and quicker too, no? Just to let you know though, using a PIN is the same as Touch ID in regards to your master password being stored in the keychain and for the same reasons as above - it's the only way to ensure 1Password for iOS behaves in a more deterministic way.

  • I know this is a bit late, but I've just upgraded to iOS 8 and the latest 1Password. I'm disappointed to find out that using Touch ID to unlock my phone means that I cannot use a PIN in 1Password. I'm not sure how much of a fan of using Touch ID I am in general, but I'm not interested in using it to access my 1Password vault. I'd love to have the original functionality restored, so that even if I'm using Touch ID to unlock my phone, I'm still required to use my master password and then PIN (for when I'm jumping back and forth to 1Password). I know I could disable Touch ID on the phone entirely, but I haven't gone that far yet. It'd be nice if the settings provided the choice: if Touch ID is enabled on the phone, then select either Touch ID or PIN to use for the next 10 mins.

  • Ben AWS Team

    Team Member

    Thanks for the feedback. :)

This discussion has been closed.