1password Touch Id



  • 1Password 5: Touch ID and Safari/App Extensions. As I said, I was really excited about this.So far, it has not quite worked out the way I expected. The Safari extension prompts me for my master password every single time, even though I have set the master password timeout to 30 days.
  • Use Touch ID After setting up Touch ID, open 1Password. If 1Password is locked, you’ll see a message that “1Password is trying to unlock.” To unlock 1Password, place your finger on the Touch ID sensor.
  • Move your existing 1Password data to a 1Password account; Save and fill passwords in your browser; Sync your 1Password data; Upgrade to 1Password 7 for Android; Upgrade to 1Password 7 for Mac; Upgrade to 1Password 7 for Windows; Use Face ID to unlock 1Password on your iPhone or iPad Pro; Use Touch ID to unlock 1Password on your iPhone or iPad.

by Akul Tomar

On Macs, you can use Touch ID to unlock 1Password, and on iOS devices you can use Face ID as well. For $60 a year, you can cover a family of five, sharing passwords, credit cards and anything else.

It is a common observation that users drop off a little on your login screen. This is how I tackle my facebook addiction? . This tutorial teaches you how to utilize Touch ID for a faster and easier login. I’ll take you through the steps soon, just let me brief you a little.

Most apps use Touch ID as a second degree authentication. This tutorial is NOT about providing a second degree authentication (although you can do that too if you read this article). It’s about using Touch ID to make that server call to login the user.

Now how do you get the user’s credentials from their thumb print to make that server call? ? This is where Keychain service comes in. When the user signs up or logs into your app for the first time, save the credentials to your app’s keychain. Next time, when the user logs out and then visits the login screen again, flash a popup asking them to login using Touch ID. When the user provides a valid Touch ID, get those user credentials you saved earlier to the keychain, make your API call, and Boom!?.

So there are two steps involved here:

  • First, you need to save the user’s credentials to the keychain. You can do this when the user signs up or when they log into your app for the first time.
  • Second, use Touch ID to verify the user, then retrieve their credentials from the keychain service.

I’m using KeychainPasswordItem, a nice wrapper over Keychain available on developer.apple.com here. They have a very good, detailed example on how to use this generic keychain. Go have a look.

As part of the first step, use the call method below with the user’s email as account and password when the user signs up and logs in.

We are storing the user’s email to UserDefaults to be used later. It would be better if you flash a popup to ask the user’s permission to use this feature. I’m skipping that part for this tutorial?.

Use Touch ID to access the keychain

To use Touch ID, you first need to add the LocalAuthentication framework to your project binaries. You can do this by going to Project > Build Phases > Link Binary With Libraries:

Next, import the LocalAuthentication framework in your login view controller.

We’ve filled our userName textfield with the user account email we saved earlier to UserDefaults.

Login1password Touch Id

Next, we need to check whether authentication is possible on the current device. Check out the following code:

We invoke authenticateUserUsingTouchId() in viewDidAppear(). LAContext is a subclass of NSObject, and represents our current authentication context. Now, if authentication is possible, validate Touch ID’s authenticity by calling evaluatePolicy()

context.evaluatePolicy() gives us the Touch ID popup with our last accessed user name, which we gave as our localizedReason in the evaluatePolicy() method.

This completes Part 1 of Step 2: getting the user to authenticate using Touch ID. Next up is using Touch ID to access the Keychain where we save or retrieve user credentials for login.

When the user provides a valid Touch ID, we need to load the password from the Keychain and make our POST call to login the user.

That’s it! You can upgrade your authentication framework to support multiple accounts. After verifying Touch ID’s authenticity, flash a popup and ask the user to select the account they wish login. Then retrieve the user’s credentials corresponding to that account from the Keychain. Thanks for reading!

Learn how 1Password protects your data when you use Touch ID on your iPhone or iPad.

When you turn on Touch ID on your iPhone or iPad, you can unlock 1Password with your fingerprint. Because you can unlock 1Password so easily, you can use a longer and more secure Master Password than you might otherwise have chosen, and you can use 1Password more often and in more places.

Your fingerprint is not stored in 1Password

1Password never scans or stores your fingerprint. Touch ID is provided by iOS, which only tells 1Password if your fingerprint was recognized or not.

Learn more about Touch ID advanced security technology.

Your Master Password still protects your data

Apple hasn’t designed Touch ID as a replacement for your device passcode. In the same way, using Touch ID in 1Password doesn’t replace your Master Password or undermine the security of 1Password. Your data is encrypted with your Master Password, and that remains true even with Touch ID turned on.

Touch Id Password Reset

At any time, you can manually lock 1Password to make sure that your Master Password will be required instead of your fingerprint. In 1Password, tap Settings > Security > Lock Now.

You can also tell 1Password to require your Master Password after restarting your device or after a specific amount of time. Go to Settings > Advanced > Security and change the Require Master Password setting.

Your Master Password is stored securely

When you turn on Touch ID, 1Password stores in the iOS Keychain an obfuscated version of a secret that is equivalent to your Master Password. The secret is used to unlock 1Password when your fingerprint is recognized.

It’s important to understand that the iOS Keychain is not the same thing as iCloud Keychain. Indeed, the secret is stored in a way that makes sure it will never leave your iOS device, not even for backups. 1Password uses the kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly attribute to store the secret, which means that:

1password Touch Id Change

  • Your device must be unlocked for the secret to be accessible.
  • Your device must have a device passcode set. If you turn off your device passcode, the secret is deleted.
  • The secret cannot be restored to a different device.
  • The secret is not included in iCloud backups.
  • Only 1Password can access the secret.

If you are using 1Password 4 on iOS 7, the device passcode requirement is not enforced. Be sure to set a passcode for your device.

1password Touch Id Iphone

1Password removes the secret from the iOS Keychain:

1password Touch Id

  • When your fingerprint isn’t recognized three times in a row
  • When you tap Settings > Security > Lock Now
  • When Require Master Password is set to After Device Restart in Settings > Advanced > Security, and you open 1Password after restarting your device
  • When the amount of time in Settings > Advanced > Security > Require Master Password has elapsed and 1Password is open

1password Touch Id Account

Protect yourself when using Touch ID

The advantages of using Touch ID far outweigh the risks. Follow these tips to stay safe with Touch ID:

  • Remember your Master Password. If you use Touch ID frequently, it may be easier to forget your Master Password because you’re not regularly typing it.

  • Don’t share your device passcode. If you turn on Touch ID in 1Password on your iOS device, it’s important that you guard your device passcode closely. Anyone who knows it can enroll a new fingerprint, and all enrolled fingerprints on the device can be used to unlock 1Password.

  • If you’re concerned someone may attempt to use your fingerprint without your consent, manually lock 1Password. Retrieving your Master Password from your mind while you sleep is still in the realm of science fiction. However, your fingerprint can be used without your consent whether you’re sleeping, unconscious, or otherwise. If you anticipate such a situation, you can manually lock 1Password to make sure that your Master Password will be required instead of your fingerprint. In 1Password, tap Settings > Security > Lock Now.

  • Don’t jailbreak your device. Someone with physical access to your device could theoretically access the secret that 1Password stored in the iOS Keychain. However, that would require unlocking the device, jailbreaking the device (so that something other than 1Password can read the iOS Keychain data that belongs to 1Password), and defeating the obfuscation of the Master Password. If you jailbreak your device, you are willingly defeating one of the strongest defenses against such an attack.

Learn more