pwSafe and Touch ID / Face ID
How does it work?
When you enable Touch ID for a safe, pwSafe will store the safe's password in the device's keychain using the most secure storage option, which means the safe's password will always be encrypted and secured by TouchID secure enclave (iOS 9+) or by the device's unlock code (iOS 8). Moreover, the password will not be synced or backed-up and it will be deleted if you remove your device's password or change any fingerprint configuration (iOS 9+ only).
pwSafe will ask for your password again every time it detects your device has been rebooted.
Is that secure?
This is not a yes or no question. It's very secure, but there are some implications:
- Your safe's security is now tied to the registered fingerprints/face on your device.
- Your safe's security is now tied to the security of your device's processor secure enclave. It is believed to be very secure, and no attacks on it have ever been publicized at this time.
- Your safe's security is now tied to your device's passcode strength. If you have a weak unlock code, i.e. a 4 digit pin, that's most likely unsafe.
- Your safe's security is now tied to the registered fingerprints on your device. Fingerprints are less secure than passwords, in the sense that they can be copied from anything you touch by someone who has the necessary skills.
If you have any doubts, please contact us we'll be glad to clarify any doubts you might have on Touch ID.