What happened: problem on Touch ID / FaceID problem, easy for someone who know password device to enable biometrics from setting and access everything
What I expected: so I expect to remove the biometrics button on/off from setting and put in the app, with the password confirmation for enable!
That would be very inconvenient, and would make the feature pretty unusable.
Our objective is not to provide top level security and encryption, but to hide things from casual use, like children, people passing by etc.
If someone has your login password, there is really nothing you can do to stop them getting your stuff. In that case, you might use 1Password for really private stuff, and don’t store the password in the keychain, because then the person accessing the computer can go there too.
If general, Apple’s system was designed for single users who don’t share credentials. Once you share your credentials, it is very difficult to protect your data, other than by a specialized app that doesn’t use Apple’s keychain.
Yes I know unfortunately, is the same problem that I had with Bear (that even encrypt notes, only text), but on Dayone for example is possible to block faceID from INSIDE the app, so it’s enough secure but actually who can use faceID if you access whit apple login use Touch ID to access the account, and is easy delete app reinstall and login and have access to all contentent instantly, not good at all.
so I think is something possible to develope for agenda.
I think taking some journal and research and diary private from peoples who have around is essentials!
I love how agenda allow to block some project and keep open something and also block some single notes
Look like any app leave voluntarily some holes in the system, and look like apple talking about privacy is a completely BS, even in apple note was possible to set different password from device password and now they change to device password (and also apple note not “encrypt” or better say protect with password note with all attachments only draw and some image and PDF only if scan from the app, not imported PDF, not video not audio recording or others file!
We can think perhaps about an option that you must use a password to unlock, and cannot use any biometrics. Might be simple enough to do.
This doesn’t really solve the problem though. Someone with you Mac credentials can still snoop in you system, and also delete keychain entries used to store your password for Agenda. So they could easily remove the password anyway. There really is no straightforward way to prevent someone with your credentials from changing things on your system, even passwords.
Drew
for me should be perfect the ability to chose if I want use biometric or not for that specific example:
faceID a for unlock app disabled,
Allow Face ID for unlock project,
Disable faceID (only password)for unlock single note,
And any of this change avaible only if put the password.
I’m curious in what others way work?
How can someone can access the content know the system password if I not save my unlock password in the keychain?
How does Agenda know the password you type is correct? It has to store the password in some form so it can compare with what you type. The safest place is the keychain. But with the system password, anyone can access the keychain, and change it.
We could put the password somewhere else, like in some file, but it wouldn’t take long until someone discovers where that is, and you have the same problem.
Yeah but at this point should be more difficult, not so obviously, however I have just check my keychain but I not find any password of agenda (not using other’s password manger), I find only the account password but not the unlock password, how or where can I find it?
It is under the name com.momenta… I think.
I not find nothing I checked all single password in the keychain, where I can find it?
However can be easy like dayone app do or devonthink to go do enable disable faceID from inside the app and asking code for change the setting.
(is not perfect but make huge difference in my case, if you also change where the password is stored it take a while for find and do it not easy setting, allow)
We will think about it. If we hear others asking more for it, we can possibly add something.
The problem is that any solution is flawed if someone has your sign in password. They can delete the entries in keychain if they know what to look for, and if we add a setting, they can just change the setting.
But we hear your request, and will take it along. If we hear this more often, we may be able to find a solution.
Hey,
instead using iCloud Keychain for save the password why you not use Apple security enclaves?
any plan for backdoor encryption?
Keychain does use the enclave for storage.
We don’t use the password feature of the enclave, because it doesn’t sync across devices.