Unlock Autofill using phone passcode?
Hi 1Password team,
After failing Face ID when trying to use 1Password Autofill for iOS, I was given the option to provide my phone passcode to unlock 1Password. Is this expected behavior? I would have thought that it falls back to the master password (never the phone passcode).
Here's a screenshot of where it gives me the option to provide the phone passcode instead:
Comments
-
This is a situation that we're aware of and will be working to better document. There is a workaround, which would prevent someone who knows your device passcode from accessing your data. To enable that workaround please open 1Password > Settings > Advanced > Security and then turn on "Always Show Lock Screen for Password AutoFill".
Ben
0 -
Considering that this has a minimal impact on the user experience (and a potentially huge impact on security --- imagine all those people with 1234 as their passcode), would you consider changing this to be default-on?
I know a number of people who have weak phone passcodes and (as one might imagine for people who have weak phone passcodes) aren't going to be reading software documentation for their password manager. (If not, I have a new project to schedule a phone call with each of them to walk them through enabling it :).
0 -
It is an ongoing discussion. We can certainly re-evaluate our decision to not have this be on by default, but I can't promise what the outcome of that evaluation will be. Our security team considered this when initially approving the addition of autofill integration and approved it knowing this would be the situation.
I tend to actually prefer the experience with that setting enabled, and so it wouldn't bother me a bit if we made it the default. Of course, there are a lot of different use cases to factor in. I can't make any promises other than to say I'll make sure the discussion continues on our end.
Ben
0