touch id stops working when Master Password is required

haheeren
haheeren
Community Member

I have had an ongoing problem where touch id stops working. It happens after "Require Master Password every - 2 weeks" is triggered. After that it won't give me the option of touch id. When I try to set up it up again in security preferences it won't let me select "allow touch id to unlock 1password". It's faded instead of bold and won't let me click on it. Touch id is enabled on my mac. Sometimes I get it to work, but I'm never sure how I've done it. Can you tell me how to get it working and keep it working? Also as a suggestion for future improvement, I'd really like to be able to set the Require Master Password for a longer duration like 3 months, but 2 weeks is the longest option it gives me.


1Password Version: 7.1.2
Extension Version: 4.7.3.90
OS Version: macOS 10.13.6
Sync Type: dropbox

Comments

  • Lars
    Lars
    1Password Alumni

    @haheeren - I'm sorry for the trouble! Did you import this user account from another Mac via either Time Machine or Migration Assistant? Or have you done anything else involving the login keychain for this user account on your Mac? If so, that may be the problem -- or at least part of it. Let me know.

    I'd really like to be able to set the Require Master Password for a longer duration like 3 months, but 2 weeks is the longest option it gives me.

    I hear you, but I can almost guarantee you we aren't going to be doing this. We actually did something like it on iOS in the recent past (we found a way for Touch ID to persist even across restarts), and the result was that when we allowed people to set their duration to either "Never" or to several months, a lot of them did...and then promptly forgot their Master Passwords, because they no longer had to go through the exercise of actually entering them every so often, which is what helps people remember it (repetition). We can't have people never enter their Master Password at all, since it is that which is used to derive the encryption keys that transform your data from ciphertext to human (and machine)-readable data, but I don't think anything longer than a couple of weeks is likely to get much traction.

    Let me know regarding your user keychain on your Mac, and we'll see if we can solve the Touch ID issue you're having! :)

  • haheeren
    haheeren
    Community Member

    Hi, I haven't imported my account from another Mac or done anything involving the login keychain. I was trying to remember what I had done in the past to get it working again and decided to try shutting down my computer and restarting it. After I did that 1password opened with my touchid, and the "allow touchid" in the security preferences is checked. So it that the secret? When after 2 weeks and I'm required to use the Master Password I will need to shutdown the computer and restart it to get touchid working again.

  • Lars
    Lars
    1Password Alumni

    @haheeren - no, you'll still need to enter your Master Password sometimes, for the reasons I gave in my last reply. However, entering the Master Password in such a case will reset whatever timeout you have specified in Preferences > Security.

  • haheeren
    haheeren
    Community Member

    You misunderstood my question. I have been entering the Master Password each time I need to open the program ever since the 2 weeks was up. It would not give me the option to re-initiate the touch id until I shutdown my computer and restarted it. Is that the way it is supposed to work?

  • Lars
    Lars
    1Password Alumni

    @haheeren - no. Was Touch ID working for other things on your Mac during the time you were having to enter your Master Password each time in 1Password to unlock?

  • Duane Williams
    Duane Williams
    Community Member

    The iOS version of 1Password does allow one to set Require Master Password to "Never".

  • Lars
    Lars
    1Password Alumni
    edited February 2019

    @Duane Williams - right, and it continues to cause problems for some users, because "Never" doesn't mean under all circumstances. It just means that as long as the current version of 1Password for iOS and iOS itself are running correctly and Touch ID hasn't crashed, you won't be asked for your Master Password. That can be quite a long time indeed -- weeks, maybe even months. But there are certain circumstances we can't get around: upgrading iOS is one of them. Touch ID crashing is another. In those cases, you MUST re-enter your Master Password in order to re-enable Touch ID...and if you don't remember it because you haven't been required to practice entering it (which helps memorize it), you will be out of luck unless you have a 1Password Families or 1Password Teams account where an Administrator or Family Organizer can assist you in recovering your 1password.com account. That's precisely why we won't be instituting the "never" option in 1Password for Mac.

  • Duane Williams
    Duane Williams
    Community Member

    So you are inconveniencing everyone because some people with weak memories are irresponsible in not writing their master password down and putting it in a drawer where they can find it, just in case they forget. What are you going to do for people who die suddenly, leaving all their critical passwords stored in 1Password, locked away forever because they didn't put the master password in a place where their heirs could find it?

  • Duane Williams
    Duane Williams
    Community Member

    I would be really annoyed if I had to frequently retype my master password on the tiny, error prone, screen keyboard of my iPhone. I'm annoyed when I have to retype it on my iPad. You know, someone might get annoyed enough to set their master password to something trivial to type, in which case your effort to get people to remember their password will result in a lot of insecure master passwords.

  • Hi @Duane Williams

    I would be really annoyed if I had to frequently retype my master password on the tiny, error prone, screen keyboard of my iPhone

    You know, someone might get annoyed enough to set their master password to something trivial to type, in which case your effort to get people to remember their password will result in a lot of insecure master passwords.

    Ultimately encryption of your data with your Master Password is what protects you, and biometric authentication is not a replacement for it. It is up to your discretion to pick a Master Password that gives you a balance of security and convenience that you are comfortable with for your particular situation. However you strike that balance it is critical to remember it.

    What are you going to do for people who die suddenly, leaving all their critical passwords stored in 1Password, locked away forever because they didn't put the master password in a place where their heirs could find it?

    The situation you've described sounds like a separate issue, and one that isn't going to be solved by software. The Master Password is required to decrypt 1Password data. We do offer folks the Emergency Kit, so they can help prevent such a situation, but this isn't a problem technology alone can solve:

    Get to know your Emergency Kit

    So you are inconveniencing everyone because some people with weak memories are irresponsible in not writing their master password down and putting it in a drawer where they can find it, just in case they forget.

    1Password makes life more convenient by making it such that you don't have to remember or type 99% of your passwords. You do still have to remember and type one (your Master Password).

    Ben

  • Lars
    Lars
    1Password Alumni

    @Duane Williams

    I would be really annoyed if I had to frequently retype my master password on the tiny, error prone, screen keyboard of my iPhone.

    I might if that were the case as well. Fortunately, it isn't. We may be removing the "Never" option in 1Password for iOS (though it's not a high-priority item either way currently), but even if we did that, there would still be options for 2 weeks and 30 days, so people can set the frequency to something that suits them better, while still not potentially falling victim to the idea that a "Never" setting means they will never again have to enter their Master Password and can thus forget it.

    Oddly enough, I happened to install the 12.1.4 supplemental update to iOS just late yesterday, and so literally when I was preparing this reply to your post just now, I had to re-enter my Master Password because I'd updated iOS. That's one of the cases I mentioned earlier that we can't work around: iOS updates. Had I set my timeout to "Never" I'd still have had to enter my Master Password this morning as a result. And had I been erroneously convinced by the presence of a "Never" setting into thinking I didn't have to remember that long, difficult-to-type Master Password I created, I might now be stuck without all of my most important data. That's just not a position we want any user to be in, ever, and it's why we likely won't be expanding the timeout of 1Password for Mac past the current two week maximum setting: because the inconvenience of having to type one's Master Password every two weeks is far less of a problem than losing access to one's data.

This discussion has been closed.