Password manager for iOS and OSX

I don't know of anything like this. But if it's possible I would suspect 1Password would be the first to implement something like this.

braintumor said:

Hey Folks,
I'm not sure if something like this exist (without jailbreak), but it would be awesome to have a password manager on iOS and OSX that will use the TouchID sensor of the iPhone.
I know it already exists for iOS devices, but what would be totally awesome if we could use the touchID to use for passwords on OSX devices (possibly even windows).

<snip>

Click to expand...

Hi there.

There are limitations in what you can do with TouchID. I'll get fairly technical here so stop me if you have questions.

As a developer we can ask for TouchID to be used and it pops up the scanner display. When this is done you touch your finger to the TouchID panel and it determines if it's the same print in the secure enclave in the phone.

When the prints match, we receive a solitary "Yes" response.

When the prints do not match, we receive a solitary "No" response.

Now, encryption is a complicated beast, but what more or less happens is lots of math. When a vault is created we generate an encryption key (256-bit in size) then protect the key by your master password (using PBKDF2, this is all simplified a great deal). When we encrypt your data we use the 256-bit key.

A "Yes" and "No" response can't replace the 256-bit key.

Now, jailbreaking things, I have no idea how this changes the output that you get from the TouchID scan. It's possible it gives you more when jailbroken. But using Apple's current API we are unable to do what you want without jumping through a lot of hoops that could break really easily

Maybe something that will happen with iOS 9 or whatever they release next year.

braintumor said:

Thanks for the fantastic response...

I'm just curious, but since 1password already exist for iOS devices, wouldn't it be somehow possible to pair a specific iPhone (with TouchID) with a specific OSX device that also has 1password installed?
So that only the two specific paired devices can communicate with each other through 1password, but the TouchID verification happens exclusively on the iPhone and with succes the encrypted masterpassword is supplied to the specific OSX device (with 1password installed).
Maybe it would be even possible to use an encrypted bluetooth handshake (or other forms of simple but secure P2P communications) between the two devices to achieve the highest possible security.

Sorry for the dumb suggestion and I guess you guys are mostly dependent on what Apple allows you to do or not through the APIs and still be able to provide the highest possible security for the users...

Click to expand...

You're very welcome.

While what you say is technically feasible. I'm not sure of the security implications. Bluetooth is hardly a secure transport. If you've ever had to setup a keyboard or similar tool on a new computer you have to supply it with a 4 or 5 digit code. This is really all that's protecting data typed from a device being sent to a computer. Otherwise I'm not sure there's a lot of encryption happening by default. We could possibly encrypt it again ourselves but then you have the trouble of how you share the keys between devices and that can get complicated in a hurry.

The real hurdle I think is finding a reliable way to transmit the data from the iOS device to the Mac. Wifi isn't a very good option due to firewalls, and in a lot of cases network configuration that has to happen (we see it with wifi sync in general and it's not pleasant), bluetooth is another option but hardly secure and not always reliable. Not sure about you guys but I often times have to fiddle with bluetooth devices to get them to be recognized by the computer again.

It's certainly a neat idea, but I imagine that if Apple wants to do this they'll simply implement it in their Macs and hopefully we can integrate with it like we can on iOS. That would remove a lot of the complication.

There are so many other ideas we could implement that aren't as technically tricky but could be used by a lot more users. Odds are our time would be better spent on those. I'm not sure where other password managers would rank this type of feature on their todo list though.

braintumor said:

Thanks again AGKyle for giving a very clear answer,
I can see that its difficult to realize this... I also hope that Apple will install TouchID on their OSX devices then we wouldn't have this problem anymore.

Anyway, good luck with all the upcoming features.

Click to expand...

My pleasure I'll pass your feedback along to the developers though. Perhaps they'll find it valuable in determining future features!

If you ever have any questions about 1Password please don't hesitate to contact me or my colleagues, we'll be happy to help however we can.