Using kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly

After a pen test it has been suggested we use kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly for keychain accessibility. It is currently using kSecAttrAccessibleAfterFirstUnlockValue.

We only store name, email, SMS, etc. in our keychain, but I've been asked to explore how much effort this would be.

My initial concern is what happens to users without a passcode? Is there a way to enforce this for users with a passcode but fall back to something else for other users?

Thanks

My preferred source for info on these options is the doc comments in <Security/SecItem.h>, which in this case say:

This attribute will not be available on devices without a passcode.
Disabling the device passcode will cause all previously protected
items to be deleted.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
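
An added example, not part of either post above: one way to get the fallback the question asks about is to pick the accessibility class at write time and to treat a missing item as normal, since the header comment says items in this class are deleted when the passcode is disabled. The service name, the helper names, and the choice of kSecAttrAccessibleAfterFirstUnlock as the fallback class are assumptions made for illustration.

```swift
import Foundation
import LocalAuthentication
import Security

// Hypothetical service name for this example.
let service = "com.example.profile"

/// True when the device currently has a passcode set.
func deviceHasPasscode() -> Bool {
    var error: NSError?
    return LAContext().canEvaluatePolicy(.deviceOwnerAuthentication, error: &error)
}

/// Stores `value`, preferring the passcode-bound class and falling back
/// to a class that works on devices without a passcode.
func store(_ value: Data, account: String) -> OSStatus {
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
    // Delete any earlier copy so its old accessibility class does not linger.
    SecItemDelete(base as CFDictionary)

    var attrs = base
    attrs[kSecValueData as String] = value
    if deviceHasPasscode() {
        attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly
        let status = SecItemAdd(attrs as CFDictionary, nil)
        if status == errSecSuccess { return status }
        // Any failure here falls through to the weaker class below.
    }
    // Assumed fallback class for devices without a passcode.
    attrs[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlock
    return SecItemAdd(attrs as CFDictionary, nil)
}

/// Returns the stored value, or nil if it is absent. Absence is expected
/// after the user disables the passcode, so callers should re-collect the data.
func load(account: String) -> Data? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var out: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &out) == errSecSuccess else { return nil }
    return out as? Data
}
```

Items written through the fallback path keep the weaker class until the next call to store(), so an app that wants them upgraded after the user sets a passcode has to rewrite them.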
