Unlock 1Password on Mac using TouchID without jailbreaking

IMPORTANT NOTE ABOUT THIS BLOG BEFORE YOU GET ALL EXCITED:

The way I describe unlocking 1Password does come with pretty serious security risks. Please read the “Concerns (security related and others)” section BEFORE you decide if you want to use it. There are probably other security risks that I am not even aware of … so please take that into consideration.

With this important note out of the way … Here comes the rest of the blog.

One of the best apps I know , and one that I use on a daily basis, is 1Password.

If you do not know what 1Password is, than you really need to start by visiting their website, download their app, and set yourself up. 1Password supports all major operating systems, but this particular blog is aimed for Mac users, although I am positive that an equivalent workflow can be created for a Windows based computer – probably simpler to switch to using a Mac, which is in my opinion what you should do anyways ! ­čśë

118785-20141019

The reason I wrote this blog, is because I was not able to find a way to unlock 1Password on the Mac by using my touchID on my iPhone (and soon to be iPad). My 1Passowrd master password is over 40 characters long. I became very quick at typing it, but with the introduction of IOS8, it is now a simple matter of using my finger to unlock 1Password on the iPhone.

I started by looking for fingerprint readers for the mac, but it seems that Apple made sure that there is no way to get one that actually works (don’t ask me why, this is one area they did not ask for my opinion).

The next search took me to things like BuiUnlock , Bioprotect, UnlockID, Activator and Touchy. All of which requires you to jailbreak your phone. I am sure that Apple will open this option, or will start shipping mac books that have this built in, but at least at the time of writing this blog, I did not find anything that did not require me to jailbreak my iPhone (maybe by the time you read this, it’s already happening, in which case, you can stop laughing, and stop reading as well).

Anyways, back to the present … There is nothing currently that would allow me to use my touchID to unlock my 1Password on my Mac by using my iPhone, without the need to type my (very long) password.

I was a man with a mission ! , and the thrill of making it work was so great, that I decided to blog about it (not to mention that if I need to repeat this, I will have instructions).

What do you need?

  1. Keyboard Maestro ($42 CAD) on the Mac – This is another must have application for anything that you would like to automate.
  2. Command C (free for the Mac, $3.99 for the iPhone/iPad) – Allows to share the clipboard between mac devices.
  3. Time (depending on how much you value your time, this can be cheap or super expensive) – It will probably take you 10 minutes or so if you simply follow my instructions.

What does it look like when it is all working?

How does it work?

  1. On my home screen, I have a link that opens safari, and redirects it to 1password, asking it to search for the “1password_Autologin” item.
  2. I click on the password field, and ask 1password to copy it to my clipboard (1Password will delete it automatically from the clipboard within 30 seconds).
  3. I later click on the “website” associated with the login, which in reality is a link to the “Command C” application.
  4. The “Command C” application sends the password to the destination computer (using 256bit encryption), making it into a string in the clipboard on the destination computer.
  5. Keyboard maestro on the destination computer notices the password (it is prefixed with “1pp-“), opens 1Password, logs in, and cleans the clipboard history.

TADDDAAAA !

 Concerns (security related and others):

This is a really “cool” way to login to 1password without typing it every┬á time on the computer, but it does have drawbacks that you need to be aware of:

  1. It is ALWAYS a really BAD idea to store your master password that controls your life in the clipboard, no matter for how long.
  2. Since the information is passed in the network, USE it ONLY in places that you consider TRUSTED AND SECURE (your home network, or work network), but NEVER in a PUBLIC network (starbucks / library / hotel etc). The company that created “Command C” do say on their website that the information is sent using 256bit encrypted, but I would still not take the risk.
  3. I tried to cover the places that may store the information in some way, but if you have a another clipboard manager of some sort on your mac, your password will most likely stay there, unless it has some settings that you can figure out that would remove the password.
  4. Use this at your own risk, this is just something that I came up with over a weekend, it is by no means super secure.
  5. This setup works well for me, there is no guarantee that it will work smoothly for you.

Instructions:

  1. Download and install “Command C” on your Mac computers and IOS devices.
  2. Connect the Command C application on your Macs to your IOS devices (use the instructions in the app, it is quite straight forward)
  3. Setup the Keyboard Maestro rule to open 1password and unlock it automatically. You can simply download the file below, unzip it, and double click on it to add it to your library:Unlock 1password.kmlibrary The following picture explains the macroScreen_Shot_2014-10-19_at_10_52_09_AM
  4. Add your 1password master password to 1password on one of your IOS devices (I know , it sounds strange):
    1. Open your Command C on your iPhone / iPad (the device you connected in step 2) and do the following:
      1. select settings (the gear icon)
      2. Click on “URL Scheme”
      3. Click on “Copy Clipboard”
      4. Select your computer from the list, and copy the “URL Scheme”
    2. Open 1Password on the same device as step 1 and do the following:
      1. Create a new “login item” in 1password, and enter your 1password master password prefixed by “1pp-“.
      2. Name the item “1password_Autologin”
      3. For the website, paste the URL Scheme you obtained in Step 4.1.4
      4. Repeat for every Mac you have that has 1Password installed (if you notice in the screenshot below, I simply added more “websites” to the same 1Password rule, and named each to match the destination.Screen Shot 2014-10-19 at 12.52.20 PM
  5. Add a nice button on your home screen (this one took me a while to figure out. It was actually at great pain thanks to apple):
    1. Trigger the process:
      1. Open this link from your Safari on each IOS device you want to use.
        The link will open 1password for you, and will filter the list to show only the “1password_Autologin” item.
      2. Go back to Safari, and choose to make a homescreen button from the current url
      3. Rename the link to whatever you likecdde9d4c6fabd4891069afdbf85b7247
        f070bb6641762e8086515ec1dbe126f1
  6. Cleanup (removing all traces of the pasted information):
    1. On your computer, go to the Command C preferences, and under “behaviors”, uncheck the “Show Clipboards Preview”Screen Shot 2014-10-19 at 1.03.24 PM
    2. On your ios devices under the Command C settings, disable clipboard historyc62b172b3a8acd14854cf0590b051d4e
    3. In your 1Password on the IOS devices, under settings  security, choose to clear the clipboard after 30 seconds.e0bb79961b5780b2cea78f5f29a3a13b

 Last words of wisdom:

If you have read it this far, you might as well implement it ! ­čÖé