I submitted this feedback via the Play Store, but maybe that goes to /dev/null: I'm begging you, please don't really ship 1P8 with that I appreciate that there are people who enjoy that, but I am exclusively in possession of my phone, and the fingerprint auth matches my threat model and convenience level. Having an option for how often to require the full password allows those who value such oppressive security settings to opt into it, and allows the rest of us to not be filled with rage when using 1P Being forced to type my master password at times of the app's choosing is super inconvenient 1Password Version: 8.8.0 Extension Version: Not Provided OS Version: Android 12 Browser:_ Not Provided

Please drop the 'Your password is required every 2 weeks' requirement or make it an option. As I'm already using the biometric, this is a security overkill annoyance and meanwhile, the rest of the world is moving to passwordless authentication. 1Password Version: 8.8.0-210.BETA Extension Version: Not Provided OS Version: Android 12 Browser:_ Not Provided

@mdaniel, markbyrn thanks for sharing your thoughts with us. The intent with the two week period is to help ensure users do not lock themselves out of 1Password. With Biometric unlock set to never in 1Password 7 for Android, it's quite possible to go for extended periods without using your account password. While there is a convenience factor, the other side of this means that if a phone is damaged or replaced a user might find themselves forgetting their password and locked out of their data. I can definitely understand that for some, convenience might outweigh the scenario I described above. While I can't make any promises about the development of 1Password, I would be happy to share your feedback with the team. I know there is ongoing conversation on these topics and additional input is always appreciated! markbyrn, you might be interested to read about some of our steps towards passwordless options and our work with the FIDO Alliance in this blog post: * We’ve joined the FIDO Alliance to build a better future for authentication ref: IDEA-I-1144

Thank you for responding, and I would definitely appreciate the feedback going to the team For consideration, I would guess the number of folks who buy 1Password and then exclusively use the Android app to be a vanishingly small percentage. Thankfully, I'm sure you have the metrics to prove or disprove my hypothesis. If we just assume for a second that hypothesis is true, the users will for sure have to enter their password on other platforms (Linux, macOS, Windows, and any users who use the "appless" browser extensions). Let those vehicles serve as memory jogs, without punishing your very loyal Android users by forcing this security option upon them The app already has configurable expiry timeouts, so making this configurable would harmonize the experience

As mcdaniel suggested, many of us including myself use a multitude of devices and don't want the aggravation of entering the master password on multiple devices every two weeks. The feature needs to be re-thought and definitely made optional. And yes, I read the blog on future passwordless authentication. That's superb for the future and I'm already passwordless with Microsoft. But this feature needs to be made optional.

Glad I'm not alone on this. There should at the very least be a setting to disable this 2-week timeout. I'll more likely forget my own birthday then forget my master password :)

Please don't really require typing the password every 2 weeks

14 Replies

1P_Timothy
Community Manager
4 years ago
Thanks for your feedback markbyrn! I'm glad to hear you're enjoying those options
markbyrn
Occasional Contributor
4 years ago
Thrilled that options were added to ask every 30 days or never. Thanks much.
1P_Timothy
Community Manager
4 years ago
Hi kevdliu, I'm glad to hear you're enjoying this feature. Thanks so much for your feedback!
kevdliu
New Contributor
4 years ago
Just noticed that the latest 1password 8 update adds the option to never ask for master password when biometrics is enabled! I want to thank the people at AG who listened to our feedback and implemented the request!
1P_Timothy
Community Manager
4 years ago
Hello @basert, thanks for weighing in. While I don't have any updates at this time, we are having an internal discussion about alternative ways we can implement the unlock feature. Thanks again for sharing your interest!
Former Member
4 years ago
Pretty much the same reason for me to keep using the old app. My master password is long and complicated, while I have no issues typing it on my keyboard when using the browser or linux app, typing it on my phone is a really bad experience. Give us the option to disable the password check or at least make it optional (so that users that want to remember it can do so).
1P_Timothy
Community Manager
4 years ago
Hello Ronso, thanks for weighing in on this. Your feedback has been noted. If there's anything else we can help with, feel free to ask!
Ronso
Frequent Contributor
4 years ago
This was the reason why i uninstalled the new version. I love the design and i can ignore all the bugs which are there, because the client is in beta status. But I am not willed to enter my password every 2 weeks. That was the reason why I wanted to use a password manager. As a user who pays for this product I want at least an option to disable this functionallity.
1P_Timothy
Community Manager
4 years ago
Hi @mdaniel, markbyrn and kevdliu thank you very much for reiterating your interest in these options and adding to the use case. I have passed your interest along to the team. Let us know if there's anything else we can help with!
kevdliu
New Contributor
4 years ago
Glad I'm not alone on this. There should at the very least be a setting to disable this 2-week timeout. I'll more likely forget my own birthday then forget my master password :)