Please don't really require typing the password every 2 weeks

mdanielmdaniel
Community Member

I submitted this feedback via the Play Store, but maybe that goes to /dev/null: I'm begging you, please don't really ship 1P8 with that

I appreciate that there are people who enjoy that, but I am exclusively in possession of my phone, and the fingerprint auth matches my threat model and convenience level. Having an option for how often to require the full password allows those who value such oppressive security settings to opt into it, and allows the rest of us to not be filled with rage when using 1P

Being forced to type my master password at times of the app's choosing is super inconvenient


1Password Version: 8.8.0
Extension Version: Not Provided
OS Version: Android 12
Browser:_ Not Provided

Comments

  • markbyrnmarkbyrn
    Community Member

    Please drop the 'Your password is required every 2 weeks' requirement or make it an option. As I'm already using the biometric, this is a security overkill annoyance and meanwhile, the rest of the world is moving to passwordless authentication.


    1Password Version: 8.8.0-210.BETA
    Extension Version: Not Provided
    OS Version: Android 12
    Browser:_ Not Provided

  • ag_timothyag_timothy

    Team Member

    @mdaniel, @markbyrn thanks for sharing your thoughts with us.

    The intent with the two week period is to help ensure users do not lock themselves out of 1Password. With Biometric unlock set to never in 1Password 7 for Android, it's quite possible to go for extended periods without using your account password. While there is a convenience factor, the other side of this means that if a phone is damaged or replaced a user might find themselves forgetting their password and locked out of their data.

    I can definitely understand that for some, convenience might outweigh the scenario I described above. While I can't make any promises about the development of 1Password, I would be happy to share your feedback with the team. I know there is ongoing conversation on these topics and additional input is always appreciated!

    @markbyrn, you might be interested to read about some of our steps towards passwordless options and our work with the FIDO Alliance in this blog post:

    ref: IDEA-I-1144

  • mdanielmdaniel
    Community Member

    Thank you for responding, and I would definitely appreciate the feedback going to the team

    For consideration, I would guess the number of folks who buy 1Password and then exclusively use the Android app to be a vanishingly small percentage. Thankfully, I'm sure you have the metrics to prove or disprove my hypothesis.

    If we just assume for a second that hypothesis is true, the users will for sure have to enter their password on other platforms (Linux, macOS, Windows, and any users who use the "appless" browser extensions). Let those vehicles serve as memory jogs, without punishing your very loyal Android users by forcing this security option upon them

    The app already has configurable expiry timeouts, so making this configurable would harmonize the experience

  • markbyrnmarkbyrn
    Community Member

    As mcdaniel suggested, many of us including myself use a multitude of devices and don't want the aggravation of entering the master password on multiple devices every two weeks. The feature needs to be re-thought and definitely made optional. And yes, I read the blog on future passwordless authentication. That's superb for the future and I'm already passwordless with Microsoft. But this feature needs to be made optional.

  • kevdliukevdliu
    Community Member

    Glad I'm not alone on this. There should at the very least be a setting to disable this 2-week timeout. I'll more likely forget my own birthday then forget my master password :)

  • ag_timothyag_timothy

    Team Member

    Hi @mdaniel, @markbyrn and @kevdliu thank you very much for reiterating your interest in these options and adding to the use case. I have passed your interest along to the team. Let us know if there's anything else we can help with!

  • RonsoRonso
    Community Member

    This was the reason why i uninstalled the new version. I love the design and i can ignore all the bugs which are there, because the client is in beta status. But I am not willed to enter my password every 2 weeks. That was the reason why I wanted to use a password manager. As a user who pays for this product I want at least an option to disable this functionallity.

  • ag_timothyag_timothy

    Team Member

    Hello @Ronso, thanks for weighing in on this. Your feedback has been noted. If there's anything else we can help with, feel free to ask!

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file