Two-factor security on the iOS app soon? Two options from Master/Touch ID/PIN would be good

Hi - are there any plans to provide the option of two level security on the free iOS app soon? Being able to set up two levels of security by selecting any two from Master/Touch ID/PIN would feel more secure.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Lars Junior Member

    Team Member

    Hey @andypeters192

    Thanks for the question! We try to say "never" as rarely as possible to any idea, because one of the primary tenets of what we do is that security is a process, not a product. But saying it even more accurately might be: security is a moving target. New threats emerge, new ways of protecting your data become available, or there are flaws discovered in older ones. You get the idea.

    So while I won't say "never" to this, and while it might feel more secure to be able to choose two of our three security mechanisms you've mentioned, it wouldn't actually be any more secure, because of the way 1Password works. Specifically, 1Password on your local device works via encryption, not authentication. Your Master Password is the only one of those three items you mentioned that actually creates the encryption key which transforms your data from a block of unreadable ciphertext into your familiar and user-friendly data.

    On iOS, the PIN code and Touch ID are simply two methods of quick unlock - a way to access the AES key which unlocks your data without having to enter your Master Password every time. So in a sense, your request is actually somewhat implemented already in that if quick unlock crashes or you use the wrong finger or enter an incorrect PIN code, you'll be forced to enter your Master Password. That's why the PIN code and Touch ID are methods you're required to specifically enable in Settings: because the safest way of all to use 1Password on iOS is to do exactly what you do on your Mac or PC: enter your Master Password every single time you want to use 1Password. The difference is that on iOS, you often have to switch away to another application to perform certain tasks, so if you had to re-enter your Master Password every time you switched back to 1Password, it would be a significant usability issue. So we allow an obfuscated version of a secret equivalent to your Master Password to be stored in the iOS keychain for easier access.

    The result is that every time you access 1Password, you either enter your Master Password or you provide a more convenient identifier, which just acts as verification that you can access the stored key...derived from your Master Password. In other words, it all comes down to your Master Password in the end. A truly competent thief/hacker who stole your device would not use the 1Password for iOS interface anyway to access your data -- they'd extract the raw data file and attempt to run password-cracking software on it, which is why we place so much emphasis on creating a good, strong Master Password.
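The encryption-versus-authentication distinction Lars describes, as an added toy model (not 1Password's code): the data file is protected by keys derived from the Master Password alone, while the PIN is an app-level check in front of a stored copy of those keys. The cipher here is an HMAC-SHA256 counter-mode stream with encrypt-then-MAC, standing in for AES so the example needs only the standard library; the salt, nonce, PIN and iteration count are constructed values.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # constructed; this is the per-guess cost for anyone cracking the raw data file

def derive_keys(master_password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256, 64 bytes: enc key || mac key. Only the Master Password feeds it."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS, dklen=64)

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stand-in for AES so the example stays in the stdlib."""
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), "sha256").digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal(master_password: str, salt: bytes, nonce: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC under the derived keys; the returned dict is the 'data file'."""
    keys = derive_keys(master_password, salt)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(keys[:32], nonce, len(plaintext))))
    tag = hmac.new(keys[32:], nonce + ct, "sha256").digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def open_vault(vault: dict, keys: bytes) -> bytes:
    """Decrypt with the derived keys. No PIN or biometric takes part in this computation."""
    expected = hmac.new(keys[32:], vault["nonce"] + vault["ct"], "sha256").digest()
    if not hmac.compare_digest(expected, vault["tag"]):
        raise ValueError("wrong key: decryption refused")
    return bytes(c ^ k for c, k in zip(vault["ct"], _keystream(keys[:32], vault["nonce"], len(vault["ct"]))))

def quick_unlock(stored_pin: str, entered_pin: str, stored_keys: bytes):
    """iOS convenience path: release the stored derived keys after an app-level PIN check.
    Returns None on a wrong PIN, i.e. the app falls back to asking for the Master Password."""
    if not hmac.compare_digest(stored_pin.encode(), entered_pin.encode()):
        return None
    return stored_keys

if __name__ == "__main__":
    salt, nonce = b"constructed-salt", b"constructed!"  # constructed; use os.urandom() in practice
    vault = seal("correct horse battery staple", salt, nonce, b"bank login secret")
    keys = derive_keys("correct horse battery staple", salt)
    print("wrong PIN ->", quick_unlock("1234", "0000", keys))  # None: the app asks for the Master Password
    print("right PIN ->", open_vault(vault, quick_unlock("1234", "1234", keys)))
    print("raw data file + Master Password, no PIN involved ->", open_vault(vault, keys))
```

Adding a second quick-unlock factor would only add another gate in `quick_unlock`; `open_vault` and the key material it needs would not change, which is the point Lars makes.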

  • Thanks for a really full and informative reply. I shall use my master password from now on, which isn't a bind really, and make sure it's strong. Not keen on any of my master info being left on iCloud so I don't use Keychain and erase all 1Password data on iCloud immediately after syncing.

    However, the motivation for my question was less about the risks to security in cyberspace or from phone thieves with skills to hack but more about the risk from less sophisticated thieves. If someone has a mind to grab my phone, strap me to a chair, and extract my master password from me with a baseball bat they have a degree of access to everything I own barring my house, which they wouldn't have had prior to me using a password manager. Previously they could do all of this yet not have access because frankly I couldn't remember half of my passwords to bank accounts and so on. Having some kind of two-level password entry option might drag the torture out just a little longer but improve the chances of hanging on to my hard-earned!

    Sorry if this sounds a little dramatic but having all my eggs in one basket plus the automation of login procedures available via 1Password leaves me feeling slightly vulnerable to that sort of scenario. One for the tech geniuses to think through no doubt....

  • brenty

    Team Member

    Thanks for a really full and informative reply. I shall use my master password from now on, which isn't a bind really, and make sure it's strong. Not keen on any of my master info being left on iCloud so I don't use Keychain and erase all 1Password data on iCloud immediately after syncing.

    @andypeters192: Just to be clear, your Master Password never leaves your device. And unless you use Touch ID or a PIN code, it is never stored locally either. You can read more about how that works in our knowledgebase.

    And given that your 1Password data is end-to-end encrypted, 1Password simply doesn't depend on the sync service to protect your data. 1Password is secure by design, not by chance, and it's secure even if you do store it in iCloud.

    However, the motivation for my question was less about the risks to security in cyberspace or from phone thieves with skills to hack but more about the risk from less sophisticated thieves. If someone has a mind to grab my phone, strap me to a chair, and extract my master password from me with a baseball bat they have a degree of access to everything I own barring my house, which they wouldn't have had prior to me using a password manager. Previously they could do all of this yet not have access because frankly I couldn't remember half of my passwords to bank accounts and so on. Having some kind of two-level password entry option might drag the torture out just a little longer but improve the chances of hanging on to my hard-earned!

    I'm glad you're thinking about this seriously, but I'm not sure that this scenario makes any difference. After all, if someone is able to get your Master Password from you under duress, they could just as easily "extract" a PIN while they're at it...or your fingerprint. Of course it's your call, but if it were me I wouldn't want to prolong the torture! :dizzy:

    Sorry if this sounds a little dramatic but having all my eggs in one basket plus the automation of login procedures available via 1Password leaves me feeling slightly vulnerable to that sort of scenario. One for the tech geniuses to think through no doubt....

    Indeed. We will never stop thinking about these things, and I really appreciate you taking the time to share your thoughts and let us know where you're coming from. :chuffed:

  • Ben AWS Team

    Team Member

    Hi @andypeters192,

    I'm not sure what happened, but your last message came through completely blank. Did you have a message for us?

    Ben

  • No just to say thanks

  • Ben AWS Team

    Team Member

    Excellent. You're most welcome. :+1:

    If we can be of further assistance, please don't hesitate to contact us.

    Ben

This discussion has been closed.