kapsiR
4 years ago, Occasional Contributor
Security with "Use the Trusted Platform Module with Windows Hello"
When using "Use the Trusted Platform Module with Windows Hello", 1Password prompts with a security warning.
- How can another app gain access to 1Password with this setting?
- Is there a way to retrieve the applications which have access to Windows Hello?
Thanks
1Password Version: 8.7.0
Extension Version: 2.2.3
OS Version: Windows 10 21H2
27 Replies
- Jack_P_1P
1Password Team
- kapsiR, Occasional Contributor
Thanks very much! I appreciate the detailed explanation!
- 1P_PeterG
Community Manager
Hi kapsiR, thanks for these questions.
There is no way to have additional secret entropy added in, since Windows doesn’t provide a secure place to store data that only our app can fetch (akin to the macOS keychain, for example).
Assuming you haven't downloaded any malicious apps (which are the chief threat for this scenario), and you only accept TPM-backed Hello prompts (i.e. the ambiguous one where it doesn't specify the app unlocking it) when you expect there to be one, there's no substantial risk.
To add a bit more detail: NCrypt / Windows Hello wrap and control all access to the underlying Hello device. Therefore, any userland software can make the same requests as another app. We provide the message you mentioned in order to notify the user that control is shifting to the TPM / Hello in a different way than it does when just using Hello with 1Password alone, and that you should trust the apps on your device if you want to enable this feature.
- kapsiR, Occasional Contributor
Thanks for the detailed explanation - it's much clearer now.
So the secret is stored on the TPM - anyone with a Windows Hello prompt authenticates against the whole TPM?
And I assume there is no way to have an additional entropy when prompting via Windows Hello to make this a little harder for attackers? 😄
- ag_mike_d
1Password Team
Hello again kapsiR, thanks for getting back to us.
With regard to this warning when you enable TPM support, 1Password loses control over what can prompt you to access the key 1Password creates on the TPM. As noted in the article I provided, "1Password delegates the responsibility of authentication to Windows Hello."
Without the TPM option enabled, Windows Hello stays within our process, so any phishing attempts by a malicious process wouldn't work. However, with Enhanced Windows Hello, a malicious process can potentially trick you into accepting a context-less prompt in order to decrypt your data. We've included the above prompt to have the user confirm that they know the risks and that they trust other apps on their system which generate their own Windows Hello prompts. The key itself is safe in the actual TPM; it's just a concern when logged into Windows.
As far as I understand, we'll have some additional resources about this in the future, but it’s not ready just yet.
- kapsiR, Occasional Contributor
Thanks for the response. My concerns are especially about this sentence:
A malicious application could prompt you to unlock 1Password to access your information.
So why is this possible? Do you have resources about that?
- ag_mike_d
1Password Team
Hello kapsiR, I'm sorry for the delay in response. I'm happy to help with your questions.
We have an article on our support page that discusses Windows Hello security in 1Password for Windows. This same article goes on to discuss more information if you are using the Trusted Platform Module with Windows Hello.
Is there a way to retrieve the applications which have access to Windows Hello?
I'm unsure if it is possible to retrieve a list of applications specific to your device that have access to Windows Hello. If this is an area of concern, it would be worth reaching out to Microsoft support for help or to see if this is possible.
I hope this helps!