Introduction

Royal TSX (for macOS) has always supported storing your document's passwords in the Keychain which frees you from typing long and complex passwords every time you open your documents. While this is undeniably convenient, the downside is that anybody can pick up your (unlocked!) Mac, start Royal TSX and gain access to your connections and credentials. With the inception of Touch ID on the Mac we can improve on this.

On Macs that have a Touch ID fingerprint sensor you may optionally choose to protect the document passwords you store in the Keychain by Touch ID. This frees you from having to type long and complex passwords while still requiring authentication. Note that neither Touch ID nor the Keychain itself replace your document's password! They only serve as a more convenient way to retrieve the password from your computer.


How it works

When you decide to store your document's password in the Keychain and enable Touch ID protection, the password is additionally encrypted with a unique code that is tied to your device. This ensures that the Keychain entry cannot be used on another computer. When opening a Touch ID protected document, Royal TSX shows a prompt provided by the operating system that asks you to authenticate with Touch ID.

To authenticate, just place your finger on the Touch ID sensor. If your fingerprint cannot be read you can alternatively unlock the document by entering your macOS username's password or cancel Touch ID authentication completely and fall back to entering the document's password.

After successful authentication we cache the result for 15 seconds which is convenient when opening multiple documents in succession (ie. when starting Royal TSX).


Requirements for enabling Touch ID protection

Touch ID protection is supported in Royal TSX (for macOS) 3.0 and later. For Touch ID protection to work, your document must be protected by an encryption password. Setting an encryption password is always a good idea as it protects your secrets with a personal password that only you know. You can enable encryption and set a personal password in the "Security" settings of your documents. Additionally, a Mac with Touch ID fingerprint sensor is obviously required.


Enabling Touch ID protection for new documents

For new documents and document passwords that you didn't previously store in the Keychain, enabling Touch ID protection is as easy as opening the document and selecting "Add Password to Keychain and protect with Touch ID" at the password prompt. The next time you open the document, you will be prompted to authenticate with Touch ID.


Enabling Touch ID protection for existing documents

If the document's password you want to protect with Touch ID has previously been added to the Keychain you must first remove the Keychain entry. To do so, open the "Security" settings of your document and click "Remove from Keychain". The next time you open the document you will be prompted for the encryption password and be given the chance to store the password in the Keychain and protect it with Touch ID, just like described in "Enabling Touch ID protection for new documents".

We think you'll love Touch ID integration in Royal TSX but if you have questions, suggestions for improvements or other feedback, please don't hesitate to contact us and let us know!