iTouchSecure: an amazing Touch ID security app for autofilling passwords

iTouchSecure header

After a few days of intense testing, I can now recommend iTouchSecure for iOS. iTouchSecure is a recently released jailbreak tweak that allows you to autofill every password in any app using Touch ID. It’s what we all imagined Touch ID evolving into after Apple had some time to perfect the technology. But you don’t have to wait for the evolution. All you need is a jailbroken iPhone 5s and 5 bucks.

iTouchSecure is one of those jailbreak tweaks that convinces people on the fence that they need to jailbreak. It can speed up your workflow when using apps that require you to enter a password, and it’s about as secure as one could hope a tweak like this to be.

The iPhone 5s’ Touch ID sensor is pretty remarkable in itself, but when combined with a tweak like iTouchSecure, it goes from remarkable to downright amazing. We’ve got a full video walkthrough showcasing iTouchSecure’s features inside. Have a look and see why this must have jailbreak tweak should be installed on your iPhone 5s.

The preferences

After installing iTouchSecure, you’ll notice a new settings panel for the tweak located in the Stock settings app. The tweak’s settings are simple and concise, but I find that the text contained within is a bit over the top. For some reason the developer, iRealSMS creator, SpiritOfLogic, thought it would be a good idea to capitalize almost every character contained within iTouchSecure’s settings. Needless to say, it makes for quite the jarring experience. More developers should take a page from the preferences used in tweaks like CCControls.

iTouchSecure preferences 01

Inside the tweak’s preference panel you’ll find the following toggles:

  • iTouchSecure enabled: a kill switch for turning the tweak on or off
  • Auto Press OK enabled: a setting used to automatically submit passwords
  • Autofill without Touch ID authentication: makes iTouchSecure work without needing to verify with Touch ID. (You’ll want to keep this setting disabled in most circumstances.)
  • Delete all passwords: a toggle used to quickly delete all saved passwords found in the local keychain.

iTouchSecure preferences 02

The only two toggles that you’ll want to have enabled are the first two. iTouchSecure touts its ability to work with devices prior to the iPhone 5s, but I cannot recommend that you do this at all. The whole point of this tweak is that it allows you to maintain your security via the Touch ID sensor, while adding the convenience of saved passwords to the keychain. Bypassing Touch ID, or using this tweak on a device without Touch ID, is just asking for trouble.

How it works

When you’re about to login to an app and you have iTouchSecure enabled, you should see a yellow box outlining the password field. This indicates that iTouchSecure can see this field as a valid entry, and will save the password entered into the local keychain. Sadly there is no saved confirmation dialogue, or anything of the sort; iTouchSecure could definitely benefit from having a meticulous designer on board for the project.

iTouchSecure Initial

The next time you attempt to log back into the app, the password box should be surrounded with a green box indicating that a saved password for this app is stored in the keychain. iTouchSecure gives you a few seconds to then verify your Touch ID fingerprint, which will submit the saved password into the field. If you have the Auto OK toggle set to on in the tweak’s preferences, then the password will automatically be submitted and logged in if possible.

iTouchSecure App Store

It even works with the App Store

If you wait too long before verifying with Touch ID, then the little red and yellow thumbprint to the right of the login box will turn completely red and Touch ID will be disabled for iTouchSecure. This is to cut down on potential conflicts with other Touch ID tweaks like Virtual Home. In order to reestablish the connection between Touch ID and iTouchSecure, you’ll need to tap the password box again.

iCloud Keychain and iTouchSecure

Some people may be wondering why a tweak like iTouchSecure is needed when you can use something like iCloud Keychain. Let me make it clear that iTouchSecure and iCloud Keychain are two totally different beasts.

iCloud Keychain is nice, but it only works within the Safari browser, which means that it can only work with web-based login forms. iTouchSecure, on the other hand, works with web-based login forms, as well as virtually any other type of login area. iTouchSecure can even work with login areas on native standalone apps. This is the main thing that separates iTouchSecure from iCloud Keychain.

Another differentiating factor between iCloud Keychain and iTouchSecure, is that the passwords saved with iTouchSecure are saved only in the local encrypted keychain—the same keychain that stores your Wi-Fi passwords and app passwords. The Safari passwords saved with iCloud Keychain enabled are saved to a local keychain and then synced with iCloud, which means that they can work across multiple devices. Both iCloud Keychain and iTouchSecure can and should probably be used together; I don’t see any harm in doing this.

iTouchSecure Delete

The big news here is that you’re now finally able to save passwords in native apps. That means that it’s possible to save your banking app login, your 1Password login, or any other login that doesn’t normally allow you to save its password. With Touch ID securing your device, you can feel confident that your data won’t be compromised.

Having iTouchSecure on a device, and being able to quickly login to apps using Touch ID is a liberating feeling. Workflows speed up significantly, and apps stay more secure due to the dwindling temptation to utilize an easy-to-enter password.

The issue of Safe Mode

Over the weekend, I made a note in our 1Pal walkthrough (for the record, these two tweaks are not related at all) stating that I had found a potential security flaw in both it and iTouchSecure. I found that when your device enters safe mode, the Touch ID security goes away on the SpringBoard and the device is left unprotected after unlocking it.

If you watch near the end of the embedded video walkthrough above, you’ll see what I mean. When I put the iPhone 5s into safe mode using an Activator gesture, iTouchSecure fails to work because it can’t communicate with the SpringBoard. The tweak then allows me to log directly into 1Password without needing to verify my Touch ID credentials.

While this seemed to be a little concerning to me at first, keep in mind that in the unlikely event that your device is kicked into safe mode by a stranger, they would still need to bypass the device’s Lock screen security using your passcode or Touch ID fingerprint. In other words, even in safe mode, it’s highly unlikely that anyone will be able to compromise the apps you have configured to use iTouchSecure.

Coming features

After talking to its developer, it’s clear that iTouchSecure isn’t just a shot at a quick money grab. The same developer behind this tweak is behind the well respected iRealSMS, PwnTunes, and others.

At the moment iTouchSecure doesn’t work with Google Chrome or Google logins in general. There’s also not a way to Auto OK Safari web-based logins. Expect both of these issues to be resolved in an upcoming update.

The Final Verdict

I do wish that the developer would team up with a respected designer and clean up the look of the tweak’s preferences. The preferences are pretty bad to look at for a tweak that costs $4.99, and it’s one of the areas where iTouchSecure falls a little flat.

Even with some of the shortcomings I listed above, iTouchSecure is an awesome way to secure your device with Touch ID. It makes it so much easier to login to your favorite apps and websites, and it feels like a natural evolution of Touch ID. You’d be crazy to own a jailbroken iPhone 5s and not be willing to give it a shot.

Head over to Cydia’s BigBoss repo to download iTouchSecure today. Be sure to let me know what you think of the tweak in the comment section below.