signalapp / Signal-iOS

A private messenger for iOS.
https://signal.org
GNU Affero General Public License v3.0

Additional password #2079

Closed Mukrosz closed 6 years ago

Mukrosz commented 7 years ago

Good day,

I am curious about your stance on having an additional password (aside from Touch ID) that unlocks the Signal app on iOS. This has been brought up several times with no definitive answer, so I wanted to get a clarification. Is it a yay or a nay?

Many thanks!

sigenc commented 7 years ago

https://whispersystems.discoursehosting.net/t/passphrase-encryption-only-for-message-contents/917/2

Mukrosz commented 7 years ago

Thanks. Great post, sadly without an answer.

sigenc commented 7 years ago

There is a lot of controversy about this topic. I really don't know how this could even be a debate if the app should use its own encrypted storage. Look around in the issues. Even Frederic Jacobs didn't really point in this direction. There are similar open issues, so I think this will be closed.

peace

Mukrosz commented 7 years ago

Considering the fact that you may be forced to unlock your phone using your fingerprint is already reason enough to have a secondary in-app encryption mechanism. I suppose one can opt out of using a fingerprint to begin with, so that's a decent solution. That said, it's easier said than done, so this is me simply inquiring. But I think I get the gist.

Thanks for the hard work!

sigenc commented 7 years ago

relevant posts: #738 #1552 #1606

sosoyan commented 7 years ago

Please add this feature as a priority, if we care about security. It should ask for the given passcode or Touch ID every time you open the app or switch back.

TobiasWantzen commented 7 years ago

I strongly second this! Please give the iOS app a startup password.

Sometimes I let my children play some games on the iPhone. Then everything is possible ... I use two other apps for my sensitive data, which can optionally ask for a (app-specific and – certainly – system-different) passphrase, and this is absolutely great!

No password protection is IMHO a great minus for Signal on iOS! And it's the main reason why I use the famous paid app from Switzerland for all my sensitive communications, although I would prefer to use Signal.

Please treat Android and iOS consistently! Thanks.

sigenc commented 7 years ago

@TobiasWantzen Maybe OWS will treat it consistently. Moxie is thinking about removing the local encryption in favour of Android's FDE. Dunno what he knows that might be a valuable reason to do so. This is the moment when I will stop believing in OWS. And I love them from the bottom of my heart.

Sea-Worker9552 commented 7 years ago

I completely agree with a secondary mechanism to lock the app -- either passphrase/PIN or even TouchID/Pixel Imprint. Before someone goes off against fingerprints, the whole issue of fingerprints isn't settled yet. People keep pointing to that one lower court ruling mandating a user to unlock their phone, but the issue has yet to be challenged further and the SCOTUS has not ruled on it.

I think it's best that users recognize what works and what doesn't: a 4-digit PIN has its weaknesses too at the end of the day.

I also don't understand why backups have to be exported in plaintext. Can there not be a password to encrypt backups?

robyoder commented 7 years ago

I agree that this is a duplicate of #738, but unfortunately that issue has been closed for comments. I too would like to see a secondary lock on the Signal app itself. There is a setting in Signal on iOS to "prevent Signal previews from appearing in the app switcher."

That seems to indicate that the Signal team recognizes that merely having the phone unlocked does not mean Signal messages should be displayed. So it is strange that there is not an option to actually lock the app when switching away from it. Sure, the app switcher setting could protect from people watching your phone screen when you didn't realize that screen was going to come up, but the case I'm more concerned about is handing my phone to a friend to look at a photo or play a game or something and having them stumble upon something confidential accidentally (or, hopefully not, mischievously or maliciously).

A great example of this is 1Password, or other password managers. You don't get instant access to all of 1Password's contents when you unlock your device. You must enter your Master Password. The only way around that is to enable Touch ID, but you still must unlock 1Password with Touch ID separately from your phone. But 1Password isn't a messaging app, so I'm looking for a messaging app that offers similar security: end-to-end encryption, locked by a password.

(Side note: I'm a developer for 1Password)

robyoder commented 7 years ago

There are some other interesting options here to combat the required unlocking scenario. A self-destruct password could immediately delete all conversations and show an empty app. Or a decoy password could simply open the app to a blank list or list of fake conversations without destroying the actual conversations.

thislooksfun commented 6 years ago

This would be amazing. I just got the app myself and if it could have this protection it would be hugely appreciated.

sigenc commented 6 years ago

Android is getting some pretty strong FBE and Apple hired Jonathan Zdziarski a while ago. I think they are moving in a very good direction. But I still believe that you must have the option to encrypt the app. There are just more pros than cons.

rlavigne99 commented 6 years ago

We need to be able to put a passphrase on the app itself like Telegram does, with a two-factor option as well. I am using the desktop Windows app and the iOS version of the app. Please get this in the next iteration; it does not make sense that this is missing.

harrisondesbrosses commented 6 years ago

Has there been any movement on such a feature? @robyoder raised the best points!

MatejKovacic commented 6 years ago

Well, I think that relying on iPhone security and not implementing your own security features is not very wise.

Because of this: https://gizmodo.com/phone-cracking-firm-cellebrite-claims-it-can-unlock-lat-1823331672

I mean, if iPhone Touch ID is so good, why then is FaceTime encryption not so good? Be consistent: trust only your own solutions.

laurens94 commented 6 years ago

Besides the arguments mentioned earlier: it's also a pattern people are getting more and more used to. For example, Telegram and ProtonMail allow additional security using a PIN code or Touch ID.

Sea-Worker9552 commented 6 years ago

Looks like Signal was updated to include Touch ID. However, in all my experience I've seen Touch ID backed up by an app-specific password. For instance:

Signal has no ability to cancel out of Touch ID and enter a password, and this is where I think a fix is needed.

hbrysiewicz commented 6 years ago

πŸ‘ for enabling this. Android used to have a separate password for Signal but a recent update has removed this ability. Seems bad.

michaelkirk-signal commented 6 years ago

We no longer track feature requests on GitHub, only bugs with existing functionality. Please see https://github.com/signalapp/Signal-iOS/blob/master/CONTRIBUTING.md for details.

The forum would be a better place to discuss new features: https://community.signalusers.org/