1.6. Multi-factor authorization¶
To ensure a high level of protection, the extension’s access to the Password Vault can be configured with up to three factors of authorization. Only a successful combination of all factors configured allows the client to access credentials and log into a site.
The first factor is proximity. The phone must be running the KeyReel app while close enough to the associated computer to establish a Bluetooth connection. This factor is default and mandatory for all communications between the phone app and the extension.
The second factor is explicit authorization with a Touch ID or six-digit PIN code. It can be enabled on a per-site basis. This factor requires users to unlock the KeyReel app on the phone and explicitly grant access to the site.
The third factor is optional and is connected to the second one: unlocking the KeyReel app requires unlocking the phone. If your phone is protected with a PIN code, TouchID, or FaceID, this factor can be used to authorize requests for credentials from the extension as well. We highly recommend enabling this additional factor, as it is a simple and highly effective protection of your Internet identity.
We recommend configuring your phone to unlock with biometric authorization (TouchID or FaceID) and unlocking KeyReel with a PIN code. This allows secure login with three different types of factors: Bluetooth proximity, biometrics, and secret PIN code.
Multi-factor KeyReel authorization on the iPhone is used for accessing selected sites, pairing, importing passwords, and restoring from backup.