
About 1Password security on Apple Watch

Learn how to protect your data when you use 1Password on your Apple Watch.

You control your secrets

You are in control of whether 1Password items are made available to your Apple Watch, and of which particular items are and which are not. Only the items that you choose to add to your Apple Watch are included.

We advise against using it for things like your online banking password, email access password, or nuclear missile launch codes. It is better suited for things like one-time passwords, bicycle lock combinations, and perhaps a password for a low security service that you use frequently.

When you enable the Apple Watch features in 1Password on your iPhone, you are told:

Enabling Apple Watch allows you to add items of your choosing to your watch. These items will be stored in the iOS Keychain. Tap ‘Learn More’ to understand the security implications of adding items to Apple Watch.

Indeed, you may be reading this document as a result of tapping ‘Learn More’ on that screen. You’ve come to the right place.

Understand the risks

Apple’s WatchKit provides secret and authenticated communication between your Apple Watch and your iPhone. When you set up your Apple Watch you “pair” it with your phone in a manner that prevents anyone else from obtaining data sent back and forth between your phone and watch.

Although the communication between your iPhone and your Apple Watch is protected by WatchKit security, copies of items that you add to Apple Watch will be stored on your iPhone in a less secure manner than is typical for 1Password. When you select an item to “Add to Apple Watch”, the item’s details are stored in the iOS Keychain on your iPhone. At that point they are only protected by your device passcode, rather than your 1Password Master Password.

As a consequence, someone who has access to your watch while your phone is in range may be able to see the items stored on it. This is similar to how an intruder could peek at the credit cards in your wallet if it were left on a table. But just like a physical wallet, 1Password for Apple Watch is a great tool to have with you as long as it’s used responsibly.

Why are Watch items stored in a less secure way?

When you use 1Password on your iPhone or iPad, both the device and 1Password must be unlocked for your items to be available to you. But the items you choose to display on your watch should be accessible even if 1Password is locked on your iPhone and even if your iPhone itself is locked.

After all, if you needed to take out your iPhone and unlock it just to display an item on your Apple Watch, there would be little point to actually displaying it on your watch as you would already have your phone in hand.

How to keep your Watch data safe

The most effective way to protect the data on your watch is to use your discretion when you add information to it. We’ve also built in two safeguards to guard against intrusion, including one that is optional.

Device passcode required

You’ll need to set a device passcode to use 1Password on your Apple Watch. The items on your watch are protected only by your device passcode, and not by your Master Password. Use a device passcode of at least 6 digits.

Enable Wrist Detection

To automatically lock your Apple Watch when you remove it, enable Wrist Detection.

On your Apple Watch, tap Settings > General > Wrist Detection and turn on Wrist Detection.

Security of particular uses

There are many sorts of Items that you may want to Add to Apple Watch for which the security risks are acceptable to you. Everyone must decide these for themselves, but here are some cases.

  • One-time passwords

    You may be using a memorable password for an account where you’ve enabled two-step verification. But when you sign in to such services from a new device, you’ll be asked for the one-time password.

    When a 1Password item containing a one-time password is added to your watch, the username and password for that item are not saved to the iOS Keychain with the secret used to generate one-time passwords. Only the one-time password will be displayed on your watch. Your password for the Login remains fully protected by your Master Password.

    Only the one-time password is available on your watch. The secret used to generate one-time passwords stays on your phone. Your password for that particular Login remains fully protected by your Master Password.

  • Garage door combination

    Some automated garage doors have a keypad into which a numeric code can be entered to open the door. You may use it infrequently enough that you do not memorize it, and so it would be very useful to store in 1Password.

    You may find the security risk acceptable because you already accept the risk of someone stealing the remote opener for your garage door.

  • Bicycle lock combination

    Lock combinations for things that a determined thief might saw through anyway may be appropriate for making available for 1Password on your Apple Watch. You may want to create a Password category entry for this or use a Secure Note.

  • Login used mostly from a computer lab

    Perhaps you’re a student, and there is a service you regularly sign in to from a shared computer in a computer lab. It’s not something you sign in to frequently enough to have memorized the password, but it’s something you need often enough that you’d rather not dig out your phone from your backpack.

  • Nuclear missile launch codes

    This is not an item which would be appropriate to use with your Apple Watch.

You must decide for yourself what is beneficial for you to make available to your Watch even when your phone and 1Password are locked.

Further technical details

About the iOS Keychain

Apple Watch apps do (almost) all of their processing and data manipulation on your iPhone. So when you use Add to Watch in 1Password on iOS, you are selecting data to be written to a place where the 1Password Watch Extension will be able to read it even when your iPhone is locked.

This diagram from Apple’s documentation illustrates how the division of labor works between the watch itself and the Application Extension that talks to the watch. The data that is copied when you select an item to Add to Watch in 1Password is stored among the resources on your iPhone.

Division of labor between Watch and Extension

These items are still protected by iOS security, with kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, as we need them to be accessible to the 1Password extension even when 1Password and your phone are locked. It would still be extremely difficult for someone who steals your phone to learn these secrets unless they are also able to discover your device passcode, but this data is not protected by your 1Password Master Password.

These items will not be accessible to 1Password on your Watch until you have first unlocked your iPhone after a restart (“Accessible After First Unlock”). Additionally these items will not be migrated to other phones when restoring a backup (“This Device Only”).

In theory, an attack on your phone that manages to bypass your device passcode can leave that data in the iOS Keychain exposed to attackers. As of this writing no such attacks are known. Additionally, if someone is able to unlock your iPhone with the passcode, they will have access to that keychain data.

What gets written to the iOS Keychain

Only a portion of the details of an item will be written to the iOS Keychain to be made available for 1Password on your Apple Watch.

For all item types:

  • Item UUID
  • Title
  • The domain part only of a URL for the item
  • Item type (Login, Credit Card, etc.)

In addition to those, different details are written for different categories:

  • Logins: Username*, Password*
  • Credit Cards: Card number, Expiration date, Verification code, Card type (Visa, Discover, etc.)
  • Passwords: Password
  • Secure Notes: Notes

No other information is written, such as notes or attachments. The only exception to this is Secure Notes for which Notes are included because that’s the primary content in the item.

* If a secret used to generate one-time passwords is present in a Login item, the username and password are not written to the iOS Keychain, only the secret.
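
The storage behaviour described under “About the iOS Keychain” and “What gets written to the iOS Keychain”, as an added Swift example that is not 1Password’s own code. The WatchItem type, the service string and both function names are assumptions made for illustration; the Keychain calls and the accessibility constant are Apple’s Security framework API.

```swift
import Foundation
import Security

// Hypothetical record type: holds only the subset of fields the page lists.
struct WatchItem: Codable {
    let uuid: String
    let title: String
    let domain: String      // domain part of the URL only
    let type: String        // "Login", "Credit Card", ...
    var username: String?
    var password: String?
    var otpSecret: String?
}

// Rule from the page's footnote: when a Login carries a one-time password
// secret, the username and password are left out and only the secret is written.
func reducedForWatch(_ item: WatchItem) -> WatchItem {
    var copy = item
    if copy.otpSecret != nil {
        copy.username = nil
        copy.password = nil
    }
    return copy
}

// Hypothetical helper: writes the reduced record as a generic-password item.
func storeForWatch(_ item: WatchItem) throws -> OSStatus {
    let data = try JSONEncoder().encode(reducedForWatch(item))
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: "example.watch-items",  // constructed name
        kSecAttrAccount as String: item.uuid
    ]
    _ = SecItemDelete(base as CFDictionary)  // replace any earlier copy

    var add = base
    add[kSecValueData as String] = data
    // Readable while the phone is locked, but only after it has been unlocked
    // once since restart; never migrated to another device through a backup.
    // kSecAttrAccessibleWhenUnlockedThisDeviceOnly would be stricter, but the
    // extension could then not read the item while the phone is locked.
    add[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
    return SecItemAdd(add as CFDictionary, nil)
}
```

A return value of errSecSuccess means the item was stored; reading it back before the first unlock after a restart fails with errSecInteractionNotAllowed.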
