After a pen test, it has been suggested we use kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly for keychain accessibility. It is currently using kSecAttrAccessibleAfterFirstUnlockValue.
We only store name, email, SMS, etc. in our keychain, but I've been asked to explore how much effort this would be.
My initial concern is what happens to users without a passcode? Is there a way to enforce this for users with a passcode but fall back to something else for other users?
Thanks
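One way to apply the stricter class only where a passcode exists is sketched below as an added example; it is not part of the original post. It assumes a native Swift app; the service name `com.example.profile` and the function names are hypothetical placeholders.

```swift
import Foundation
import LocalAuthentication
import Security

// Hypothetical helper: true when the device has a passcode configured.
// .deviceOwnerAuthentication cannot be evaluated without one
// (the error is LAError.passcodeNotSet in that case).
func devicePasscodeIsSet() -> Bool {
    var error: NSError?
    return LAContext().canEvaluatePolicy(.deviceOwnerAuthentication, error: &error)
}

// Hypothetical helper: stores one profile value, choosing the accessibility
// class per device. Returns the OSStatus from SecItemAdd.
func storeProfileValue(_ value: String, account: String) -> OSStatus {
    // Strict class when a passcode is set, otherwise the class the app
    // already uses today (after first unlock).
    let accessible: CFString = devicePasscodeIsSet()
        ? kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly
        : kSecAttrAccessibleAfterFirstUnlock

    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: "com.example.profile", // placeholder
        kSecAttrAccount as String: account,
    ]

    // Delete any existing copy first so an item written under the old
    // class is re-created under the newly selected one.
    SecItemDelete(query as CFDictionary)

    var attributes = query
    attributes[kSecValueData as String] = Data(value.utf8)
    attributes[kSecAttrAccessible as String] = accessible
    return SecItemAdd(attributes as CFDictionary, nil)
}

// Hypothetical helper: reads the value back, or nil if it is missing.
func loadProfileValue(account: String) -> String? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: "com.example.profile", // placeholder
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var result: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess,
          let data = result as? Data else { return nil }
    return String(data: data, encoding: .utf8)
}
```

Items stored with kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly are deleted when the user removes the passcode, do not migrate to a new device, and cannot be read while the device is locked, so the app has to treat a nil result as "ask for the data again" and avoid background reads of these values.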