Can I use my unlocked phone 1PW app to unlock my Mac 1PW app?
I have 1PW on my phones, iPads, and Macs. On the phones and the iPads I rarely need my master password because I can use Face ID or Touch ID most of the time. On the Macs, I need to constantly type the master password which is (good for me!) long and complex, and a total PITA to enter.
Is there some way to use the unlocked phone 1PW app to authenticate the Mac 1PW app without all that typing?
PS: I'm aware that the newer MacBook Pros have Touch ID. I have an older Macbrook Pro and several iMacs.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
@Tangible: No. It is not possible to use 1Password on one device to unlock another. It would certainly be a cool feature, but there is no facility in place for this in the OS(es), and that makes it problematic for us to do something like that securely, since we do not want to save or transmit the Master Password. The Keychain on macOS is not as robust as on iOS, and Touch ID/Secure Enclave is local-only. But perhaps someday it will be possible. Here's hoping. :)
0 -
There are a few products available where, using a Bluetooth connection, you can use your phone to unlock your computer. For example: https://macid.co/. Could this be extended so the phone could be used to authenticate and unlock 1Password on the desktop Mac (or non-TouchID MB Pro)?
Alternatively, implement PIN code functionality for the desktop version as you have on iOS.
0 -
There are a few products available where, using a Bluetooth connection, you can use your phone to unlock your computer. For example: https://macid.co/. Could this be extended so the phone could be used to authenticate and unlock 1Password on the desktop Mac (or non-TouchID MB Pro)?
@mitoids: I've used that. But they're storing the password in the Keychain. Other software can access that, so it's not really sufficient for our purposes.
Alternatively, implement PIN code functionality for the desktop version as you have on iOS.
The PIN option only ever existed on mobile devices because they almost never have full sized keyboards. It's not great for security, and there's just no good reason to offer that on a computer, where it is much easier to type.
0 -
Another approach would be to have the unlocked 1pw app on the phone display a constantly changing 6 digit code that 1pw on the desktop would recognize in lieu of the master password. There are lots of approaches that wouldn’t require transmission of the master.
@Tangible: That's certainly one approach. But then what, is anyone who wants to use it anywhere not private just out of luck? And whatever you enter has to somehow be Master Password equivalent, and be stored somewhere; yet there isn't really a good way to do that currently. Maybe someday.
0 -
If the number changes every 30 seconds, it’s of no value to an onlooker.
If the number changes every 30 seconds, then it's essentially a TOTP code, which is a shared secret between the two devices...and which also must be stored somewhere. This is what a shared TOTP secret looks like:
otpauth://totp/1Password:someimportantsite.com?secret=IC6XJEIKVQJYZQ7&issuer=1Password&skid=KYYCMCIn order for both devices to be able to use that, this type of secret would have to be stored somewhere, which means an attacker would not need to try to guess what randomly-generated six-digit code would be "next" or what the current one is, they just need this string. And if it's stored somewhere, it's also retrievable. As brenty said, we're just not willing to do that in a way that presents too large an attack surface. To be clear, 1Password for Mac does have a quick unlock method; it has Touch ID...on Touch ID-capable Macs. That's because that system works with the Secure Enclave Processor (SEP), meaning what's stored there is not accessible to the general file system (and therefore orders of magnitude more hack/theft-proof). We'd love to be able to offer easier unlocking on the Mac, and as soon as we see a way to do it that doesn't unacceptably compromise security, we will. :)
0
