Please don't really require typing the password every 2 weeks

mdaniel
Community Member

I submitted this feedback via the Play Store, but maybe that goes to /dev/null: I'm begging you, please don't really ship 1P8 with that

I appreciate that there are people who enjoy that, but I am exclusively in possession of my phone, and the fingerprint auth matches my threat model and convenience level. Having an option for how often to require the full password allows those who value such oppressive security settings to opt into it, and allows the rest of us to not be filled with rage when using 1P

Being forced to type my master password at times of the app's choosing is super inconvenient


1Password Version: 8.8.0
Extension Version: Not Provided
OS Version: Android 12
Browser: Not Provided

Comments

  • markbyrn
    Community Member

    Please drop the 'Your password is required every 2 weeks' requirement or make it an option. As I'm already using the biometric, this is a security overkill annoyance and meanwhile, the rest of the world is moving to passwordless authentication.


    1Password Version: 8.8.0-210.BETA
    Extension Version: Not Provided
    OS Version: Android 12
    Browser: Not Provided

  • @mdaniel, @markbyrn thanks for sharing your thoughts with us.

    The intent with the two week period is to help ensure users do not lock themselves out of 1Password. With Biometric unlock set to never in 1Password 7 for Android, it's quite possible to go for extended periods without using your account password. While there is a convenience factor, the other side of this means that if a phone is damaged or replaced a user might find themselves forgetting their password and locked out of their data.

    I can definitely understand that for some, convenience might outweigh the scenario I described above. While I can't make any promises about the development of 1Password, I would be happy to share your feedback with the team. I know there is ongoing conversation on these topics and additional input is always appreciated!

    @markbyrn, you might be interested to read about some of our steps towards passwordless options and our work with the FIDO Alliance in this blog post:

    ref: IDEA-I-1144

  • mdaniel
    Community Member

    Thank you for responding, and I would definitely appreciate the feedback going to the team

    For consideration, I would guess the number of folks who buy 1Password and then exclusively use the Android app to be a vanishingly small percentage. Thankfully, I'm sure you have the metrics to prove or disprove my hypothesis.

    If we just assume for a second that hypothesis is true, the users will for sure have to enter their password on other platforms (Linux, macOS, Windows, and any users who use the "appless" browser extensions). Let those vehicles serve as memory jogs, without punishing your very loyal Android users by forcing this security option upon them

    The app already has configurable expiry timeouts, so making this configurable would harmonize the experience

  • markbyrn
    Community Member

    As mdaniel suggested, many of us including myself use a multitude of devices and don't want the aggravation of entering the master password on multiple devices every two weeks. The feature needs to be re-thought and definitely made optional. And yes, I read the blog on future passwordless authentication. That's superb for the future and I'm already passwordless with Microsoft. But this feature needs to be made optional.

  • kevdliu
    Community Member

    Glad I'm not alone on this. There should at the very least be a setting to disable this 2-week timeout. I'll more likely forget my own birthday than forget my master password :)

  • Hi @mdaniel, @markbyrn and @kevdliu thank you very much for reiterating your interest in these options and adding to the use case. I have passed your interest along to the team. Let us know if there's anything else we can help with!

  • Ronso
    Community Member

    This was the reason why I uninstalled the new version. I love the design and I can ignore all the bugs which are there, because the client is in beta status. But I am not willing to enter my password every 2 weeks. That was the reason why I wanted to use a password manager. As a user who pays for this product I want at least an option to disable this functionality.

  • Hello @Ronso, thanks for weighing in on this. Your feedback has been noted. If there's anything else we can help with, feel free to ask!

  • basert
    Community Member

    Pretty much the same reason for me to keep using the old app. My master password is long and complicated. While I have no issues typing it on my keyboard when using the browser or Linux app, typing it on my phone is a really bad experience. Give us the option to disable the password check or at least make it optional (so that users that want to remember it can do so).

  • Hello @basert, thanks for weighing in. While I don't have any updates at this time, we are having an internal discussion about alternative ways we can implement the unlock feature. Thanks again for sharing your interest!

  • kevdliu
    Community Member

    Just noticed that the latest 1Password 8 update adds the option to never ask for master password when biometrics is enabled! I want to thank the people at AG who listened to our feedback and implemented the request!

  • Hi @kevdliu, I'm glad to hear you're enjoying this feature. Thanks so much for your feedback!

  • markbyrn
    Community Member

    Thrilled that options were added to ask every 30 days or never. Thanks much.

  • Thanks for your feedback @markbyrn! I'm glad to hear you're enjoying those options

This discussion has been closed.