When you turn on Face ID on your iPhone or iPad Pro, you can unlock 1Password with a simple glance. Because you can unlock 1Password so easily, you can use a longer and more secure password for your 1Password account than you might otherwise have chosen, and you can use 1Password more often and in more places.
Your facial data is not stored in 1Password
1Password never scans your face or stores any representation of it. Face ID is provided by iOS, which only tells 1Password if your face was recognized or not.
Learn more about Face ID advanced technology.
Your 1Password account password still protects your data
Apple hasn’t designed Face ID as a replacement for your device passcode. In the same way, using Face ID in 1Password doesn’t replace your account password or undermine the security of 1Password. Your data is encrypted with your account password, and that remains true even with Face ID turned on.
Your 1Password account password is stored securely
When you turn on Face ID, 1Password stores in the iOS Keychain an obfuscated version of a secret that is equivalent to your account password. The secret is used to unlock 1Password when your face is recognized.
It’s important to understand that the iOS Keychain is not the same thing as iCloud Keychain. Indeed, the secret is stored in a way that makes sure it will never leave your iOS device, not even for backups. 1Password uses the kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly attribute to store the secret, which means that:
- Your device must be unlocked for the secret to be accessible.
- Your device must have a device passcode set. If you turn off your device passcode, the secret is deleted.
- The secret cannot be restored to a different device.
- The secret is not included in iCloud backups.
- Only 1Password can access the secret.
1Password removes the secret from the iOS Keychain:
- When your face isn’t recognized five times in a row
- When the amount of time in Settings > Security > “Require password” has elapsed
- When you reset Face ID or set up an alternate appearance on your device
Protect yourself when using Face ID
The advantages of using Face ID far outweigh the risks. Follow these tips to stay safe with Face ID:
Remember your 1Password account password. If you use Face ID frequently, it may be easier to forget your account password because you’re not regularly typing it.
Don’t jailbreak your device. Someone with physical access to your device could theoretically access the secret that 1Password stored in the iOS Keychain. However, that would require unlocking the device, jailbreaking the device (so that something other than 1Password can read the iOS Keychain data that belongs to 1Password), and defeating the obfuscation of the account password. If you jailbreak your device, you are willingly defeating one of the strongest defenses against such an attack.