Your fingerprint is not stored in 1Password
1Password never scans or stores your fingerprint. Touch ID is provided by macOS, which only tells 1Password if your fingerprint was recognized or not.
Learn more about Touch ID advanced security technology.
Your Master Password still protects your data
Apple hasn’t designed Touch ID or Auto Unlock as a replacement for the password you use to log in to your Mac. In the same way, using Touch ID or Apple Watch in 1Password doesn’t replace your Master Password or undermine the security of 1Password. Your data is encrypted with your Master Password and Secret Key, and that remains true even when you use Touch ID or Apple Watch to unlock.
You can also tell 1Password to require your Master Password after a specific amount of time. Go to Preferences > Security and change the Require Master Password setting.
Your Master Password is secured by the Secure Enclave
When you use Touch ID or Apple Watch to unlock, 1Password stores an encrypted secret on disk. This secret is used to decrypt your 1Password data when your fingerprint is recognized, or you approve 1Password on Apple Watch. In 1Password 7 and later, the secret is encrypted using an encryption key stored in the Secure Enclave, which only 1Password can access.
To decrypt the secret, 1Password proves its identity using code signatures, and then it moves the encrypted secret to the Secure Enclave. The secret is decrypted using the encryption key and returned to 1Password to decrypt your data.
This process happens locally, and the encryption key never leaves the Secure Enclave.
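The pattern described above can be sketched with Apple's Security framework. This is an added example, not 1Password's code: the function names, the `WrapError` type, the key tag parameter and the choice of ECIES algorithm are assumptions made for illustration.

```swift
import Foundation
import Security

// Hypothetical names throughout; this illustrates the pattern, not 1Password's code.
enum WrapError: Error { case accessControl, keyGeneration, publicKey, encrypt, decrypt }
let algorithm = SecKeyAlgorithm.eciesEncryptionCofactorVariableIVX963SHA256AESGCM

// Creates a P-256 private key that lives in the Secure Enclave and cannot be exported.
// .biometryCurrentSet makes the key unusable once the enrolled fingerprints change.
func makeEnclaveKey(tag: String) throws -> SecKey {
    var error: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault, kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        [.privateKeyUsage, .biometryCurrentSet], &error)
    else { throw WrapError.accessControl }
    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: Data(tag.utf8),
            kSecAttrAccessControl as String: access,
        ] as [String: Any],
    ]
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error)
    else { throw WrapError.keyGeneration }
    return key
}

// Encrypts the unlock secret to the key's public half; the result is what goes on disk.
func wrap(secret: Data, with privateKey: SecKey) throws -> Data {
    var error: Unmanaged<CFError>?
    guard let publicKey = SecKeyCopyPublicKey(privateKey) else { throw WrapError.publicKey }
    guard let blob = SecKeyCreateEncryptedData(publicKey, algorithm, secret as CFData, &error)
    else { throw WrapError.encrypt }
    return blob as Data
}

// Recovers the secret. The private-key step runs inside the Secure Enclave, and the
// system asks for a biometric match before allowing it.
func unwrap(blob: Data, with privateKey: SecKey) throws -> Data {
    var error: Unmanaged<CFError>?
    guard let secret = SecKeyCreateDecryptedData(privateKey, algorithm, blob as CFData, &error)
    else { throw WrapError.decrypt }
    return secret as Data
}
```

Deleting the wrapped blob from disk leaves nothing for the enclave key to decrypt, so the only remaining way in is the Master Password.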
1Password removes the encrypted secret from disk when:
- You use Touch ID and your fingerprint isn’t recognized three times in a row.
- The amount of time in Preferences > Security > Require Master Password has elapsed.
Protect yourself when using Touch ID or Apple Watch to unlock
Follow these tips to stay safe when you use Touch ID or Apple Watch to unlock:
Remember your Master Password. If you use Touch ID or Apple Watch to unlock frequently, it may be easier to forget your Master Password because you’re not regularly typing it.
If you’re using 1Password 6, don’t share the password you use to log in to your Mac. Someone who knows it can enroll a fingerprint and use it to unlock 1Password 6. 1Password 7 and later automatically require your Master Password after a new fingerprint is enrolled on your Mac.
If you’re concerned someone may attempt to use your fingerprint or Apple Watch without your consent, turn off unlock using Touch ID and Apple Watch. Retrieving your Master Password from your mind while you sleep is still in the realm of science fiction. However, your fingerprint or unlocked Apple Watch can be used without your consent whether you’re sleeping, unconscious, or otherwise. If you anticipate such a situation, turn off unlock using Touch ID and Apple Watch.