Feature request: PIN always required [will consider in the future]

edited December 2015 in Apple Watch

I have one feature request that I would like to see implemented at some point.
As of right now on the Apple Watch you have to put in a 4 digit PIN number to access the passwords. This is good, but I would prefer if I had to enter my PIN every time I access the 1Password from the Apple Watch. As of right now, when I access 1Password on the Apple Watch I only had to enter my PIN on the initial time that I installed 1Password. I have never had to enter my PIN again. This seems unsafe to me. I know it is supposed to ask me for my PIN at various times, but it never has.
If you could make it so I had to enter my PIN every time while accessing the Apple Watch app I think this would be much more secure.


1Password Version: 5.0.1
Extension Version: 4.4.3
OS Version: El Capitan
Sync Type: wifi

Comments

  • brentybrenty

    Team Member

    I have one feature request that I would like to see implemented at some point. As of right now on the Apple Watch you have to put in a 4 digit PIN number to access the passwords. This is good, but I would prefer if I had to enter my PIN every time I access the 1Password from the Apple Watch. As of right now, when I access 1Password on the Apple Watch I only had to enter my PIN on the initial time that I installed 1Password.

    @DeadZone44: It's important to remember that the security of 1Password on Apple Watch depends entirely on the OS. This isn't a bad thing, but it is different than what we're all accustomed to with 1Password for iOS, which is able to encrypt your data itself.

    Part of the reason there is no option to store all of your 1Password data on your Watch is because it's important to take this into consideration and explicitly choose what is stored there. Also for example, when adding a Login item to Apple Watch, only the TOTP code is sent over if present, rather than making all login credentials available there.

    I have never had to enter my PIN again. This seems unsafe to me. I know it is supposed to ask me for my PIN at various times, but it never has.

    There are no 'various times' when 1Password on Apple Watch can ask for your PIN. iOS encrypts the data and then transfers it via bluetooth; then watchOS decrypts and displays it as needed. Ultimately, 1Password cannot run in the background to lock after a specified time interval; and watchOS gets to decide when to remove it from memory, at which point 1Password will require you to enter your PIN. Watch apps simply don't have the control even that iOS apps do.

    If you could make it so I had to enter my PIN every time while accessing the Apple Watch app I think this would be much more secure.

    It isn't something we can do at this time. That said, we'll certainly explore this and other options as Apple Watch hardware and software matures. Better control over locking is on our list too; it just isn't possible with what we have today.

    In the mean time, however, you can Force Touch to lock 1Password on your Watch at any time. And of course when you lock the Watch itself — either manually or by removing it — everything on the Watch is secured using your passcode, which is of course the foundation of watchOS security. I hope this helps. Let me know if you have any other questions! :)

  • In the mean time, however, you can Force Touch to lock 1Password on your Watch at any time. And of course when you lock the Watch itself — either manually or by removing it — everything on the Watch is secured using your passcode, which is of course the foundation of watchOS security. I hope this helps. Let me know if you have any other questions! :)

    I had no clue about this feature - I am good to go.

  • brentybrenty

    Team Member

    Indeed, I find that to be a handy feature too! Force Touch isn't something that's particularly obvious, so my favourite Apple Watch tip is to just try it everywhere. You'll be surprised what you find in all sorts of apps! :)

    That said, I certainly don't want to give the impression that there isn't room for improvement. Force Touch to lock is a very handy manual option, but hopefully in the future we'll be able to support automatic locking more similar to 1Password for iOS too. Cheers! :)

  • Perhaps I'm not understanding the 'force touch' suggestion. I see how it locks the 1Password screen, but for what purpose? It's not using my fingerprint, just a press.. so therefore anyone can do this, not just me. What am I missing?

  • chrisdjchrisdj AgileBits Support

    Team Member

    Hi @Eeyore,

    If you have a PIN set to unlock 1Password for Apple Watch (you can set this in the 1Password for iOS, under Settings > Apple Watch), then a PIN will be needed when you first launch 1Password for Apple Watch. After unlocking 1Password for Apple Watch with the PIN, closing the app may not lock right away, due to how watchOS handles closed apps on the Watch. Therefore, we added a Force Touch gesture to 1Password for Apple Watch to show a Lock button, which will then require the PIN again to unlock.

This discussion has been closed.