TouchID: Can you dig further into why "Don’t share the password you use to log in to your Mac"?

Dan_Aykroyd
Community Member
edited September 2019 in Mac

Hi,

I've read the About Touch ID security in 1Password for Mac document and noticed the part where it says:

Don’t share the password you use to log in to your Mac. If you enable Touch ID in 1Password on your Mac, it’s important that you guard the password you use to log in to your Mac closely. Anyone who knows it can unlock 1Password.

Can you dig a little bit deeper into why this is so? I'm using my Mac in a corporate-provisioned environment, so admins may be able to reset my password / log in as me. Would that put my database security in jeopardy? If that's so, then, for any person using TouchID unlock, wouldn't they be removing security from their Master Password and making access to the database only as strong as their Mac OS login password instead (thus undermining the security - and rendering useless the complexity - of the Master Password)? Because, as that document says, if somebody gets his or her Mac OS login password, and that user had TouchID enabled (in any case; not only corporate devices), wouldn't they get access to the Vault?

I don't get how having the login password means that "Anyone who knows it can unlock 1Password". Can you elaborate on this further?

I've tried searching for information here and on Reddit, without any results.

Lastly, given my current scenario, would you please give a recommendation on if I should use (or not) TouchID to unlock my database?

Thanks in advance for any comments on this you can provide.

Comments

  • AGAlumB
    1Password Alumni

    @Dan_Aykroyd: In order for you to not have to enter your Master Password to unlock 1Password, a secret equivalent to your Master Password needs to be stored somewhere. As mentioned in the article you linked to,

    When you enable Touch ID, 1Password stores an encrypted secret on disk. This secret is used to decrypt your 1Password data when your fingerprint is recognized. The secret is encrypted using an encryption key stored in the Secure Enclave, which only 1Password can access.

    Giving someone access to your Mac and your user account password could allow them to get the "secret" used to allow Touch ID to (indirectly) decrypt your data.

    We're not in a position to tell you what is/isn't right for your personal (or work) situation, but if you are not comfortable trusting that an admin won't access your machine without your permission, you may want to "store" your Master Password only in your head and enter it yourself to access your 1Password data.
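The dependency Brenty describes (a secret equivalent to the Master Password, wrapped with a device-bound key and stored where the account's login password gates access) can be modelled in a few dozen lines. The following is an added illustration written for this thread; it is not 1Password's code or design, and everything in it is constructed: the scrypt derivation of a vault key, the HMAC-based wrap/unwrap (a stand-in for a real AEAD), the `LoginGatedKeychain` class standing in for the login keychain, and the `device_key` standing in for a Secure Enclave key. What it shows is the point of the warning: once the wrapped secret exists, the vault opens either through the Master Password or through the login password plus device, so its effective strength is the weaker of the two.

```python
"""Toy model of the two unlock paths discussed above (added example, not 1Password's design).

Constructed assumptions:
  * the vault key is derived from the Master Password with scrypt;
  * enabling biometric unlock stores a copy of that vault key, wrapped with a
    device-bound key (stand-in for the Secure Enclave key), in a keychain that
    releases items only to a caller holding the account's login password;
  * wrapping is HMAC-SHA256 keystream + HMAC tag (encrypt-then-MAC) purely to
    stay dependency-free; a real system would use an AEAD such as AES-GCM.
"""
import hashlib
import hmac
import os


def derive_vault_key(master_password: str, salt: bytes) -> bytes:
    # Memory-hard KDF: guessing the Master Password is expensive per attempt.
    return hashlib.scrypt(master_password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrapped secret failed authentication (wrong key)")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class LoginGatedKeychain:
    """Stand-in for the login keychain: items are released only to a caller
    that presents the account's login password (constructed model)."""

    def __init__(self, login_password: str):
        self._login_hash = hashlib.sha256(login_password.encode()).digest()
        self._items = {}

    def put(self, name: str, blob: bytes) -> None:
        self._items[name] = blob

    def get(self, name: str, login_password: str) -> bytes:
        presented = hashlib.sha256(login_password.encode()).digest()
        if not hmac.compare_digest(self._login_hash, presented):
            raise PermissionError("keychain locked: wrong login password")
        return self._items[name]


class Vault:
    def __init__(self, master_password: str, contents: bytes):
        self.salt = os.urandom(16)
        self.blob = wrap(derive_vault_key(master_password, self.salt), contents)

    def open_with_master_password(self, master_password: str) -> bytes:
        return unwrap(derive_vault_key(master_password, self.salt), self.blob)

    def open_with_vault_key(self, vault_key: bytes) -> bytes:
        return unwrap(vault_key, self.blob)


def enable_biometric_unlock(vault: Vault, master_password: str, device_key: bytes,
                            keychain: LoginGatedKeychain) -> None:
    # The "secret equivalent to your Master Password": the vault key itself,
    # wrapped under the device key and parked in the login-gated keychain.
    vault_key = derive_vault_key(master_password, vault.salt)
    keychain.put("biometric-unlock-secret", wrap(device_key, vault_key))


def unlock_without_master_password(vault: Vault, keychain: LoginGatedKeychain,
                                   login_password: str, device_key: bytes) -> bytes:
    # Second unlock path: needs the login password (to get the blob) and the
    # device (to unwrap it), but never the Master Password.
    blob = keychain.get("biometric-unlock-secret", login_password)
    return vault.open_with_vault_key(unwrap(device_key, blob))


def demo() -> dict:
    device_key = os.urandom(32)                      # constructed Secure Enclave stand-in
    keychain = LoginGatedKeychain("login-pw")        # constructed login password
    master = "correct horse battery staple"          # constructed Master Password
    vault = Vault(master, b"constructed vault contents")
    enable_biometric_unlock(vault, master, device_key, keychain)

    results = {"master": vault.open_with_master_password(master),
               "login_known": unlock_without_master_password(vault, keychain, "login-pw", device_key)}
    try:
        unlock_without_master_password(vault, keychain, "guess", device_key)
        results["login_unknown"] = "opened"
    except PermissionError:
        results["login_unknown"] = "blocked by keychain"
    try:
        vault.open_with_master_password("wrong")
        results["wrong_master"] = "opened"
    except ValueError:
        results["wrong_master"] = "rejected"
    return results


if __name__ == "__main__":
    for path, outcome in demo().items():
        print(f"{path}: {outcome}")
```

Running it shows the Master Password path and the login-password-plus-device path both yield the vault contents, while a wrong login password is stopped at the keychain and a wrong Master Password fails the tag check. The defensive takeaways follow directly: a separate macOS user account per person keeps the keychain gate meaningful, the login password must be held to the same standard as the Master Password while biometric unlock is on, and on a machine whose admin password is controlled by someone else the second path is only as trustworthy as that admin.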

  • Dan_Aykroyd
    Community Member

    Thanks once again Brenty for replying here too.

    If that's the case, then I imagine a lot of people are affected by this and might not even realize it: people sharing a computer with family and friends under one user name, without a care in the world.

    What you say about unlocking the database with the secret: how feasible is that, and is there a way for me to manually recreate that? I mean, how can I test the security by already having access to that secret? What would it take for me to gain access to my database using it and bypassing TouchID? I'm trying to understand if it's a very convoluted way or if it's a trivial thing to achieve.

    Thanks!

  • AGAlumB
    1Password Alumni
    edited September 2019

    @Dan_Aykroyd: Indeed, with regard to a shared computer in a family, we (and Apple) always recommend using separate user accounts for that reason. That's why the feature exists, after all. Even when there isn't any malfeasance involved with the individuals using the computer under the same account, sharing that means sharing the fallout of one person making a mistake and installing malware; an accident affects everyone else as well.

    As far as an attacker retrieving the "secret" from the macOS Keychain and decrypting it using the "key" stored in the Secure Enclave, it is not trivial, but "how feasible" will depend on the attacker and the overall security of the OS, neither of which I can speak to definitively. For example, in the past there have been known exploits that allowed malicious apps to bypass restrictions on what they could access in the Keychain. Those have been fixed, but it depends on you staying up to date, and it assumes that there aren't other vulnerabilities which are not yet known to us. I'm sorry I don't have a more definitive answer for you, but a lot of it is "it depends", and ultimately the security of Touch ID itself is Apple's domain. There are some good links at the end of that article, such as Apple's documentation, though.

  • Ben
    edited September 2019

    To add to what Brenty said, doing what we're talking about here would require a level of technical expertise and a level of malice. It isn't as though this could happen "accidentally" just because you share a macOS user account with someone. Someone would have to know enough to execute such an attack against you, and choose to do so. I would put forward that if you're sharing an account with someone in that position you may have other difficulties. At work, consider that IT could simply install a keylogger without your knowledge or permission if they wanted to access the information that you were accessing from your work computer. As such it may not be the best idea to access personal information at work, particularly if you know your workplace wouldn't want you doing so. Not that it is likely, but in theory they could be recording your screen, and tactics like that or a keylogger would likely be more effective (and justifiable) than attacking your 1Password data.

    Ben

  • Dan_Aykroyd
    Community Member

    Thanks for both your replies, Brenty and Ben; those were some good points of view to assess whether to enable TouchID or not.

    Have a great rest of the week!

  • You're very welcome. You as well. :)

    Ben

This discussion has been closed.