iOS PIN Code [New feature]
I am extremely pleased to see that AgileBits have finally listened to customer feedback and implemented an independent PIN Code feature :chuffed:
We have previously refused to use 1Password in our organization as we are prohibited from using TouchID / FaceID to open any databases, cloud storage repositories, or 'sensitive information stores'. Because we work on government contracts our security guidelines require us to protect our users' devices with a complex passcode for first startup and optionally use TouchID thereafter (you have a maximum of 5 incorrect attempts).
Previously that would have meant our staff being forced to enter the long 1Password master password each and every time we opened the app (because it falls into all three restricted categories above) which would be incredibly inconvenient. The old policy of AgileBits would've meant that we couldn't use a short numerical PIN to open 1Password because we've got TouchID active. Now we can use a PIN to open the app we're much more likely to look at using 1Password for Teams in our organization.
Anybody reading this who wants to activate this new feature can do so in Advanced, Security, PIN Code; doing so will disable TouchID for 1Password.
The obvious scenario, there are others, in which this makes you more secure is if a criminal spoofs TouchID (using a latex impression) or FaceID (some technique will be discovered soon) to bypass your lock screen because 1Password will demand 'something you know', a PIN instead of TouchID or FaceID.
The majority of people won't need to use this feature to protect 1Password but for those working in high security environments, it's essential. I'm reliably informed that LastPass and other password managers have had this feature for a long time.
It may just be my imagination but I could swear the logo has changed ever so slightly: 50% pale blue ring at the top and 50% darker blue ring at the bottom. :+1:
1Password Version: 7.0
Extension Version: Not Provided
OS Version: iOS 11.1
Sync Type: Not Provided
Comments
-
Hi @darrenNZ,
Thanks for the feedback! I’m glad to hear this feature will be of help to you. Please be aware that a 4-digit PIN is much less secure (far less entropy) than Touch ID. :) I understand you have policies that you have to follow, but it may be worth evaluating those policies when they don’t add up.
About Touch ID advanced security technology - Apple Support
Thanks.
Ben
0 -
I appreciate what you're saying @Ben but they're not our policies; they're set by municipal government and I'm sure many other users will find themselves in the same boat as us.
The Apple article is correct but not relevant to this scenario because if you get the 1Password PIN wrong even once, it demands the Master Password. That's a very sensible safeguard ;)
The main gist of the article is that a PIN has a 1 in 10,000 chance of being guessed and TouchID a 1 in 50,000 chance. It's extremely unlikely that an attacker is going to guess the user's PIN on their first (and only) attempt. And that's assuming they've bypassed the lock screen TouchID (which we're allowed to use providing that the device is protected with an alphanumeric passcode and not a PIN).
Anecdotally I've heard that FaceID is very difficult to use in low-light scenarios despite Apple's marketing hype. I've heard it's unreliably in an environment with flashing lights / lasers etc. It would seem that their detection algorithm isn't up to par. I hope that's something they can rectify in a software update but the fact remains we have to use a PIN to access any any databases, cloud storage repositories, or 'sensitive information stores' and when used in combination with layered security, it's more secure.
It's better to rely upon multiple factors (TouchID to open the lock screen and PIN to access 1Password) than one factor for everything.
0 -
Understood. :) Thanks again for taking the time to write in with your perspective. :+1:
Ben
0 -
Thanks, @darrenNZ!
We've gone back and forth on this over the years. In the past, we've found that PIN-code unlock caused greater confusion for more people than it helped those who needed it.
This time around, biometric unlocking is familiar enough to people that adding extra options shouldn't be so much cause for confusion. And we have explicitly decided that you cannot use both PIN and biometric unlocking. That should simplify things.
0 -
I concur that biometric and PIN unlocking is unnecessary as any would-be attacker would have to bypass the biometric feature (if activated) before they could even attempt to break into 1Password. In this case a PIN with only 1 attempt before the master password is required is exceptionally secure. Somebody could argue that the device may be unlocked when the device is found but that's not an issue if a short Auto-Lock setting is in effect such as 30 Seconds or 1 Minute. Most enterprise MDM policies enforce a 1 Minute maximum for security reasons.
The other benefit which varies across different jurisdictions is that PINs are something you know and you can't (in most US states) be compelled to disclose it. If a user relied exclusively on the default settings (TouchID for the Apple lock screen & TouchID for 1Password) then they may encounter legal difficulties if compelled or forced to use their biometric. Using a PIN solves this problem. Apple do now have their own panic mode but it's not difficult to envisage there not being enough time to activate it.
Having the option is nice and greatly enhances security. It means that we as an organization can seriously consider 1Password for Teams (I use 1Password as an individual but previously we couldn't at work because of policy, we can now).
As the setting is hidden away in the Advanced screen I doubt that it'll confuse anybody as the only people looking in there will be more savvy users or those seeking more customizability (and the term PIN code is self explanatory albeit tautologous because it reads: "Personal Identification Number Code".
0 -
Thanks @darrenNZ. I share your general assessment, other than one thing I want to quibble with.
The other benefit which varies across different jurisdictions is that PINs are something you know and you can't (in most US states) be compelled to disclose it.
This is a bit of a myth that has been going around the tech community for quite some time. There are a couple of extremely narrow cases in which an argument was made that decrypting data was "testimonial" and so the suspect could not be compelled to decrypt. I believe that the number of cases in which courts decided in favor of the suspect in this can be counted on one finger. While there are cases in which that argument didn't work. (It depended on some very fine details about the case.)
But the arguments were about compulsory decryption and not about the password specifically. You can be compelled to decrypt stuff without revealing the password.
So the case law is extremely unsettled, but the fragments that exist do not point toward the distinction between a password and a biometric unlock as being anything remotely robust for various legal arguments.
0
