1password Extension unlock biometrics?

telephoneman2
telephoneman2
Community Member

Hi guys , is there a way to unlock the shiny new iOS safari extension via faceid or touchid. Thanks a lot


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • Hi @telephoneman2

    There sure is. 😁 Once you've unlocked with your Master Password the first time subsequent unlocks should happen via Touch ID / Face ID if enabled within the 1Password app, until you restart the device etc.

    I hope that helps!

    Ben

  • telephoneman2
    telephoneman2
    Community Member

    Ah that’s not obvious. Thanks

  • gmpalter
    gmpalter
    Community Member
    edited September 2021

    I've just updated my iPad to iPadOS 15, updated 1Password to 7.8. I've enabled the Safari extension. Face ID is enabled and the app has been unlocked with the Master Password.

    When I click on the 1Password icon in the Safari address bar, I'm seeing this

    (Having a UUID appear looks really weird.)

    I can tap on the Face ID icon and a pop-up window appears asking if I want to sign in. If I tap on Continue, Face ID happens and 1Password unlocks.

    Is that how this is supposed to work?

  • Thanks for the feedback on that @telephoneman2. I'll chat with our folks and see if there is a way we can make it more obvious without causing even further confusion.

    Ben

  • @gmpalter

    Yes, that does indeed look/sound correct to me. I'm working on getting an explanation for the UUID component, but I can confirm it is supposed to be there.

    Ben

  • Some additional information on the UUID:

    The ID shown on the lock screen should match the ID shown on the biometric prompt. This allows folks to confirm that the biometric request has come from 1Password. We hope in a future iOS update we might just see "1Password" there, rather than an ID, but this was what was available to us for this initial launch. :)

    Ben

  • telephoneman2
    telephoneman2
    Community Member

    @Ben would be good, I’m seeing the same. Show an UUID looks more suspicious then it raises trust, to be honest I can’t determine wether UUID is from a virus or malware or the lovely 1password. I totally fail here not being able to identify this 😜

  • At present the ID is the only available option, but hopefully other options will be made available to us in the future. :+1:

    Ben

  • Thomas
    Thomas
    Community Member

    The login seems to be lost after deleting your cookies in the Safari iOS browser, so you have to relogin with your master password. Is there any way for the 1pw extension to preserve them?

  • Thomas
    Thomas
    Community Member

    The login seems to be lost after deleting your cookies (=website data) in the Safari iOS browser, so you have to relogin with your master password. Is there any way for the 1pw extension to preserve them?

  • ag_ana
    ag_ana
    1Password Alumni

    @Thomas:

    The iOS extension works directly with the 1Password app, so even if you delete the cookies in Safari, that won't impact the way you authenticate to the 1Password app :+1:

  • ag_ana
    ag_ana
    1Password Alumni

    @Thomas:

    Actually, I wonder now if you are referring to the new extension in iOS 15, I mistakenly assumed you were referring to Autofill, sorry! I am not aware of a way to do this at the moment. Just so our developers can understand the scenario better, do you manually delete website data every day in iOS?

  • Thomas
    Thomas
    Community Member

    Yes, I do everyday a "Delete Website Data" click…

  • ag_ana
    ag_ana
    1Password Alumni

    @Thomas:

    The only other thing I can think of is if you have tried changing the value of 1Password Settings > Safari Extension > Require Authorization After, and change the default value from 1 Day to 1 Week. Is the extension remaining unlocked for you in that case?

  • desmondfuller
    desmondfuller
    Community Member

    I’d like to know the same thing.

  • ag_ana
    ag_ana
    1Password Alumni

    @desmondfuller:

    What is the value of the setting I mentioned in my previous post in your 1Password app?

  • Thomas
    Thomas
    Community Member

    @ag_ana - that helped. When I set require auth after to 1 week and delete the website data, 1password takes a while to relogin (and I get a corresponding e-mail). Thanks a lot!

  • ag_ana
    ag_ana
    1Password Alumni

    You are welcome @Thomas! I am glad I could help :)

  • desmondfuller
    desmondfuller
    Community Member

    @ag_ana I should clarify since I didn't give you much to go on. Let me share a better explanation.

    1. Cold start of iPhone 12 running iOS 15 (reboot)
    2. After restart, I open 1password app and I have to enter the password or use FaceID. I choose the latter.
    3. I go into Safari. Go to website.

    Here is where I think the flow is unusual. I have AutoFill Passwords option turn on with the phone (since this is what I would use with iOs 14). Now when I go to a website I see the 1Password icon in the userID field on the website AND I have the key icon and "Passwords" box above the virtual keyboard.

    Two choices to use (which now seems redundant with the new extension):

    1. If I select the Passwords selection on the bottom, it brings up the faceID and brings up the account login information.

    2. If I select the 1password icon in the UserID field, I will get the "Please unlock 1Password from the toolbar icon". This I assume is because this is a cold start and it is not using the local 1Password app verification.

    I click the puzzle piece at the bottom (which is sometimes hidden by the virtual keyboard "Passwords" box) and select 1Password. 1Password comes up and here is where the question comes. I have to enter my 1Password mater password and there is no biometric ability here.

    That last sentence was what I was trying to understand on lack of biometric. I am guessing that 1Password is not using the local 1Password app for verification and is using the online service only so to 1Password makes you use the Master Password since this is your "first time" and will remember from that point on (for 1 day by default unless changed).

  • telephoneman2
    telephoneman2
    Community Member

    @desmondfuller yes that flow is at least strange and not intuitive

  • Owls1867
    Owls1867
    Community Member

    Forgive me, but I’m not getting the point of this new Safari extension (and I don’t get the point on my desktop either). Before the extension, I had to use TouchID each time I logged in to a website. Now I (anyone?) can log into any website on my phone without needing biometrics or the master password.

    How is this secure? Enabling the extension allows anyone to log in. Switching off the extension obviously prevents this, but again this can easily be switched back on by anyone who knows about the extension. I have no way of removing the function completely.

    My concern is that, although I use TouchID to unlock my phone, my phone can also be unlocked with the passcode (which is what my children do to play games). But no-one could log into websites as they couldn’t unlock 1Password. Now the extension is present, you don’t need biometrics or TouchID and can simply log in.

    Am I missing something?

  • dragon1
    dragon1
    Community Member

    So it's only locking after 15 Minutes (minimum setting) or when I manually lock it?

    Quite a big security issue in my eyes...
    I "always" have to get in mind to do it, before giving my iOS device to someone else (show something or family/kids).

    Even locking the iOS device doesn't help at all.

    For me it's better to "not" use this new extension until this issues are solved (hope they will).

  • Owls1867
    Owls1867
    Community Member

    Unfortunately there isn’t a way to remove it, only switch it off (but it can easily be switched on again). I too have set it to the minimum of 15 mins, but that’s 15 mins too long in my opinion.

This discussion has been closed.