Asking for master password every 2 weeks on every machine is too much
I have 2 macbooks (one from work and one personal) and 1 PC. All 3 devices require me typing the master password at least every 2 weeks. On top of that, it's occasionally required on my phone as well. It's too much friction for using such a basic tool. I don't think there is anything we can do about it in Preferences. But in case I was wrong you can ignore the rest of the post.
I got my 1password subscription from my work. My wife loves it and uses it everyday. And I should say I love the concept as well. I tried to use it two period of times. But the frequency it requires master password is just too annoying.
I've read several similar posts from the past. The dev have made it clear that they do not intend to change this behavior. So this post is mainly just voicing my frustration. https://1password.community/discussion/108258/requirement-for-re-enter-master-password-every-2-weeks
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Referrer: forum-search:require master password
Comments
-
@chrissshe The master password is the main thing protecting your password vault from an attacker with access to your devices. It is used to generate the encryption key which protects your data. I guess you're required to enter it every 2 weeks to reduce the risk of forgetting it.
If its too much to enter it every 2 weeks then that suggests you've chosen something difficult to type/remember. If its a randomly generated password then you may find a passphrase easier to type/remember.
Your secret key protects against remote attackers probing 1Password servers. So your master password only needs to be 16-20 characters if using non-dictionary words or a bit longer if using dictionary words.
0 -
Of course, having multiple devices means that you need to unlock 1Password multiple times, but I am still curious to know if you have noticed which device is locking more often for you? Is it a desktop computer or a mobile device?
0 -
Please let us know this information:
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not ProvidedIn addition, this information will also be useful:
- Browser used and browser version
- Whether this happens in the 1Password desktop app, or in the 1Password browser extension
- How often 1Password locks exactly? Is it 10 minutes? 24 hours? 7 days?
0 -
Hi @ag_ana, just to clarify, it's NOT a bug. I believe this is the expected behavior of 1password. However, I'm expressing my frustration about this design choice. It has been the same design since I first tried it in 2019
To iterate, as how the app is designed, each of my three computers needs retyping master password every now and then. The maximum period I'm allowed to set is 2 weeks. So on average, I have to enter master password three times every 2 weeks
1 -
What’s the current implementation?
Two weeks after the last password request per device or two weeks after the last password request on any device used by one account? (Or something else?)
0 -
just to clarify, it's NOT a bug. I believe this is the expected behavior of 1password. However, I'm expressing my frustration about this design choice. It has been the same design since I first tried it in 2019
I agree that it's not a bug, I just think you have your auto lock settings configured in the wrong manner ;) Hence my request for information.
0 -
The lock settings are per device, otherwise it would not make any sense to offer different locking options on different devices, as one would just overwrite all of the others :+1:
In addition to this, is it in any way possible for you to answer the questions I sent you above so we can help you and understand your configuration? It will take much longer to just guess your configuration information until we figure out how you have things really configured. Thank you!
0 -
@ag_ana You questions ask for the versions on various devices. I don't really have the "configuration" any more because I no longer use 1password. My latest trial period was in December. I installed the latest version at the time and then deleted them. To answer your question, I would have to download the latest version and immediately tell you that version number which is kinda pointless. Other questions:
- it happened in the macbook APPs. I didn't play much around the extension
- I can't tell EXACTLY how often they lock because I don't keep a timer for them. But roughly 2 weeks per device feels about right (it matches the setting anyway)
About "otherwise it would not make any sense to offer different locking options...", your argument is basically "The lock settings are per device because we offer this settings per device". I don't even know how to respond to this... Yes you are right. As I mentioned in my initially post, my whole point is while I understand this is how 1password chooses to be, IMO it is a bad design. The longest a user can set is every 2 weeks. When taking multiple devices into account, it's annoyingly frequent.
Others are free to disagree with me. I just want to echo what previous users brought up in 2019 https://1password.community/discussion/108258/requirement-for-re-enter-master-password-every-2-weeks and see if there is a way to pass this opinion to the 1password team, who rejected it back then. I'd appreciate it if you could pass along the msg. With that, we can close this ticket as the communication was getting unpleasant. I do appreciate you working at this time. Have a good rest of the holiday.
0 -
@ag_ana You questions ask for the versions on various devices. I don't really have the "configuration" any more because I no longer use 1password. My latest trial period was in December. I installed the latest version at the time and then deleted them. To answer your question, I would have to download the latest version and immediately tell you that version number which is kinda pointless. Other questions:
- it happened in the macbook APPs. I didn't play much around the extension
- I can't tell EXACTLY how often they lock because I don't keep a timer for them. But roughly 2 weeks per device feels about right (it matches the setting anyway)
About "otherwise it would not make any sense to offer different locking options...", your argument is basically "The lock settings are per device because we offer this settings per device". I don't even know how to respond to this... Yes you are right. As I mentioned in my initially post, my whole point is while I understand this is how 1password chooses to be, IMO it is a bad design. The longest a user can set is every 2 weeks. When taking multiple devices into account, it's annoyingly frequent.
Others are free to disagree with me. I just want to echo what previous users brought up in 2019 https://1password.community/discussion/108258/requirement-for-re-enter-master-password-every-2-weeks and see if there is a way to pass this opinion to the 1password team, who rejected it back then. I'd appreciate it if you could pass along the msg. With that, we can close this ticket.
0 -
Hi @chrissshe
Unlocking is something that happens entirely on the local device, and can be done offline. I'm not sure there would be a secure and reliable way to have the fact that one device has unlocked affect the state of other devices. That said I'd be happy to mention the thought to our security and engineering teams so they can bounce the idea around. Thank you for your interest in making 1Password better. :+1:
Ben
0
![[Deleted User]](https://wb.vanillicon.com/v2/b2b26d20f9d8e83917f1b2b1645573fc.svg)
