Security on the iOS device

camner

I've just read the [url="http://help.agile.ws/1Password_touch/how_secure_is_syncing.html"]wonderful article about 1P iOS security[/url] that Agile has provided. I think I understand it, but I'd like to verify my understanding of a couple of things...



1. The "master password" on the iOS device need not be the same as the "master password" on my Mac. Aside from paranoia (justified?) is there any reason why I should make these master passwords different? There's no way for anyone who has my iPhone to actually see the device master password, right?



2. The 4 digit unlock code on the device only gives access to the app interface itself. Therefore, someone who compromised that would be able to see my list of sites for which I have passwords, but would not be able to actually access any of those sites because they would need the master password to proceed.



Correct?

khad

Camner, you're on a roll today! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



[quote]The "master password" on the iOS device need not be the same as the "master password" on my Mac.[/quote]

True.



Your master password does not have to be the same between 1Password for Mac and 1Password for iOS. Many users like to have a less-complicated one in iOS because of the interaction using the smaller virtual keyboard. Because they do not have to be the same, they are never synced from one device/platform to another.



[quote]Aside from paranoia (justified?) is there any reason why I should make these master passwords different? There's no way for anyone who has my iPhone to actually see the device master password, right?

[/quote]

Mostly true.



There is not a need to have different passwords. It does add another level of security in a theoretical sense, but practically speaking it also may add another attack vector if you choose a weak master password on your iOS devices. Using the same master password can be much simpler. Just make sure you [url="http://forum.agile.ws/index.php?/topic/1774-choosing-a-good-master-password/page__view__findpost__p__10902"]choose a good, long one[/url]. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



[quote]The 4 digit unlock code on the device only gives access to the app interface itself. Therefore, someone who compromised that would be able to see my list of sites for which I have passwords, but would not be able to actually access any of those sites because they would need the master password to proceed.[/quote]

Not entirely true.



If all of your Logins are High Security (as mine are), what you say is correct.



However, all of your Low Security items (ones for which Master Password Protection is OFF) will be completely visible. Logins created within 1Password for iPhone default to Low Security, while items created in 1Password for Mac default to High Security. You can change the security level at any time by editing an item.

camner

[quote name='khad' timestamp='1286224430' post='12682']

Camner, you're on a roll today! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />

[/quote]

Yup. Today is 1Password day!



[QUOTE]

There is not a need to have different passwords. It does add another level of security in a theoretical sense, but practically speaking it also may add another attack vector if you choose a weak master password on your iOS devices. Using the same master password can be much simpler. Just make sure you [url="http://forum.agile.ws/index.php?/topic/1774-choosing-a-good-master-password/page__view__findpost__p__10902"]choose a good, long one[/url]. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />

[/quote]

"A good long one" would probably fail my "fumbling fat fingers" on the iPhone keyboard!



[quote]

Not entirely true.



If all of your Logins are High Security (as mine are), what you say is correct.



However, all of your Low Security items (ones for which Master Password Protection is OFF) will be completely visible. Logins created within 1Password for iPhone default to Low Security, while items created in 1Password for Mac default to High Security. You can change the security level at any time by editing an item.

[/quote]



Which I didn't notice because I've never created a new login from the iPhone app, only from my Mac, so everything was "High Security" without my realizing there were two options!



Thanks for your help.

khad

Every day is 1Password day here at Agile. Haha! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



There is a solution to "[url="http://www.wired.com/gadgetlab/2010/02/korean-iphone-stylus-its-made-of-meat/"]sausage fingers[/url]." <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_wink.png' class='bbc_emoticon' alt=';-)' />



We recommend creating logins on the Mac, since the form elements are automatically populated in the login due to the browser integration 1Password for Mac offers. The situation is, unfortunately, [url="http://help.agile.ws/1Password_touch/mobile_safari_extension.html"]a little bit different for iOS[/url].



Stay secure,

camner

[quote name='khad' timestamp='1286233503' post='12700']





There is a solution to "[url="http://www.wired.com/gadgetlab/2010/02/korean-iphone-stylus-its-made-of-meat/"]sausage fingers[/url]." <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_wink.png' class='bbc_emoticon' alt=';-)' />

[/quote]

Unfortunately, the link led to a 404-Not Found error, but I suspect "iphone-stylus-its-made-of-meat" gives me enough information <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/dry.gif' class='bbc_emoticon' alt='<_<' />

khad

<img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/laugh.gif' class='bbc_emoticon' alt=':lol:' />