Asked to approve Touch ID when my Mac doesn't support it - is this a security concern?

Question

Hi there, something odd happened to me when signing into 1Password this morning, and I hope someone can reassure me that it's not a security concern.

I'm using a mac studio with the original Apple bluetooth keyboard &amp; trackpad (The old ones that take AA batteries. The keyboard does not have Touch ID built in).
I also wear an apple watch, and allow 1P to unlock via a double-click on the watch.

When logging into the 1Password app this morning, I entered my password manually, then the app asked me to approve the use of Touch ID by double-clicking my apple watch. Foolishly I did so, even though my mac has no way of receiving a Touch ID input.

So my question is whether this could be a potential security concern? For example, if someone got access to my login credentials and tried to set up 1Password on their iPhone, could the mac app ask me to confirm the use of Touch ID on a separate device?
I don't believe this is possible, but I'm not certain.

As soon as this happened I updated to version 8.10.56, but I didn't take note of the version I was on before the update.

If this is a security concern, is there a way for me to force all instances of 1P to log out on all devices, or would I need to update my Master Password.

Thanks for any insight on this.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: macOS Sonoma 14.6.1
Browser: Not Provided

1p_evon · Answer

Hello, swordio777. Thank you for writing in.

Based on what you shared, you're running into a known issue our development team is tracking with the 1Password desktop app on a Mac. This problem involves the Apple Watch prompt referencing Touch ID, even though Touch ID is unavailable on your device. I've added you as an affected user to our internal reporting.

While I can't give an exact timeframe for a fix, I recommend keeping 1Password up to date so you can receive the fix as soon as possible. You can find the updates posted on our website:

https://support.1password.com/update-1password/
https://releases.1password.com/

I apologize for the inconvenience. Let me know if you have any questions.

-Evon

ref: dev/core/core#34088

sinistercb · Answer

Hello - I'm echoing the fact that I was concerned about this behavior in light of the recent WSJ article about the Disney employee who had his 1Password account hacked. https://www.wsj.com/tech/cybersecurity/disney-employee-ai-tool-hacker-cyberattack-3700c931

Glad to learn that it's a known issue. Please also add me as an affected user, and someone who is eager to learn about the fix availability.

Thanks, Chris

1Password for Mac 8.10.64 (81064007)

swift · Answer

1P_Evon&nbsp;Do you have an update on this issue?I've been having the problem for MONTHS now. &nbsp;1password has updated a handful of times during that period, but the problem still persists. &nbsp;And is very annoying.

1p_evon · Answer

swift​,Thank you for the ping. I don't have an update regarding this issue at this stage. I know this isn't the answer you were hoping for, and I'm sorry for any interruption in your workflow caused by this. I'll advocate for you to our team as we continue working on this.&nbsp;-Evon

Forum Discussion

Asked to approve Touch ID when my Mac doesn't support it - is this a security concern?

4 Replies

Recent Discussions

Passwords that don't save in time

Feature Request: Rename Employee Vault in 1Password Business

I accidentally deleted my account today and now I need to recover it. What should I do?

Ok, I get that "Unlock with iPhone" Isn't Available Through Apple, but...

Feature Request - Secure Vault