Disable Password Reauthentication After 2 Weeks in 1Password 8

OddycmOddycm
Community Member

Hello,

On 1Password 7 I remember there being an option to disable reauthentication permanently, this allowed me to use Face ID to authenticate for many months and ensure that I’m not prompted to type in a password (especially in a public place where someone might be behind me).

On 1Password 8 for iOS I see in the settings it states “You’ll still need to enter your account password every 2 weeks or when Face ID isn’t available”.

Is there any way to disable reauthentication via a Master password every two weeks?


1Password Version: 8.9.0
Extension Version: Not Provided
OS Version: iOS
Browser:_ Not Provided

Comments

  • BenBen AWS Team

    Team Member

    Hi @Oddycm

    There was an option called "never" in 1Password 7, but it wasn't truly never. There isn't a way to disable this, but I wrote about our latest thoughts on the subject here:

    https://1password.community/discussion/comment/650390/#Comment_650390

    While I can't promise any specific changes at this point, there are some interesting ideas on the table to make this a better user experience.

    Ben

  • The2ndOctaveThe2ndOctave
    Community Member

    I really need this feature back. Or at least an option that is longer than 2 weeks. I don't understand the resistance to offer more options to users...

  • Jack.P_1PJack.P_1P

    Team Member

    Hi @The2ndOctave:

    Thanks for your additional feedback here. As Ben mentioned in his linked post, adding the two week timer has reduced the number of forgotten password situations. While I can't promise anything specifically, what would be ideal here is some sort of global sync timer, where entering your account password on your desktop means you won't be prompted on your phone.

    Jack

  • TMEITMEI
    Community Member

    +1

    Forcing user to enter there Password every 2 weeks will just end with user turning to weak Master-Passwords...

  • The2ndOctaveThe2ndOctave
    Community Member

    That's precisely what I'll have to do if I'm forced to enter the password every 2 weeks. I'll change it to a weaker password—which sucks.

  • Random206Random206
    Community Member

    +1 on this. I absolutely hate the fact that I need to authenticate every 2 weeks. It’s honestly infuriating. The fact I can’t turn this off and JUST use biometrics is upsetting even further. For security reasons, I don’t want to open my phone up to be prompted to type in a password where I may be filmed doing so.

    Same goes for the safari extension. Reauthorising the extension….every week….is not acceptable in my standards. I’d like to see both these options removed and the ability to have ‘Never’, and actually be never.

  • mikeizzymikeizzy
    Community Member

    By removing the feature to set Require Master Password to “Never”, you will lose customers. I have the family plan, and this will be a deal breaker for some of us. We will continue to use 1Password 7 for now, but eventually we will switch to another service if this feature doesn’t return.

  • webhillwebhill
    Community Member

    The thing is, it was hard enough to get the octogenarians and nonagenarians in the family to use 1password WITHOUT the mandatory reauthentication. With it? Not possible. Please bring back the “Never” option. Otherwise my parents will go back to reusing the same old password every time and I will be very sad.

  • nprnpr
    Community Member

    This leads to a very poor mobile experience- or a very week master password- like the new home screen, the choice is yours!

  • OddycmOddycm
    Community Member

    @Ben @Jack.P_1P

    It seems there is some pushback to this design decision in 1Password 8, not just here but in a couple other posts and on Reddit as well.

    I understand the reasoning falls in the realm of helping users remember their password to ensure they are not locked out, though realistically there is only so much you can do to prevent people from shooting them selves in the foot.

    The crowd of people that don’t plan ahead with saving their master password and secret key will always be at risk of locking themselves out, I hope those of us that do have a plan and may even practice our Master passwords by ourselves do not have to be forced to do so by the software.

    Furthermore, bringing back the “Never” authentication option may be the simplest path forward rather than something a lot fancier like a global counter.

    Please convey these dissatisfactions internally though any ticketing procedures you may have.

  • XIIIXIII
    Community Member

    I'm not a native speaker, but I think the way to put this is "we're tarred with the same brush"?

    Already reported this during the Early Access: extremely disappointed that you punish all users for an issue some might encounter.

  • wisewalnutwisewalnut
    Community Member

    @Ben @Jack.P_1P

    I’ve been using 1Password for many years and most of the time I have no problem remembering my 1Password password but sometimes my mind just blanks on me. I’ve had it happen multiple times when I couldn’t for the life of me remember my 1Password password when asked for it. Luckily I can usually grab another device with Touch ID and access 1Password to check my 1Password password (unless Touch ID fails three times, in which case I have to dig out my emergency kit, which is really annoying but has only happened once so far). The thought that the other device might then also require me to enter my 1Password password, just because it does so every two weeks, kind of scares me. This also defeats the main reason for me to use 1Password, which is that I can always access my passwords somewhat easily.

    Also this would probably mean I have to type in my password almost every time I use 1Password on my phone as I don’t use it that often, which is annoying. One of the other reasons for using 1Password is to not type passwords as typing a password is always super annoying, especially on a phone.

    So please reconsider adding a “never” option. Not having this makes 1Password really hard to use for me.

    Side request: Currently you have to enter your password when Touch ID / Face ID fails three times, could you please increase the amount of retries allowed (iOS has five attempts before requiring your passcode, I think eight would be a good amount for 1Password). This limit has been the main cause requiring me to enter my 1Password password in the past which can be a major inconvenience as described.

  • greggmcgreggmc
    Community Member

    Just upgraded to v8 on iOS and noticed the lack of “never”, so I came here to voice my wish add that back. I have lived with this misfeature on macOS for a while, but didn’t expect it to also be part of the v8 update on iOS/iPadOS. This will do nothing but force weaker password and/or complicate my family members usage of 1Password. Please bring back “never”.

  • steven1steven1
    Community Member

    One of the nice use cases that was made possible with "Never require Authentication" was exactly the kind of secure estate planning that people have been asking for:
    -Use a 'spare' iPhone with 1pw configured on your account with 'Never'.
    -Create a device passcode that you share with your digital estate executor
    -update all passwords and put the phone in a safe or give to attorney. They have physical posession but not digital possession.
    Upon propoer authorization, the attorney can give your phone as per your wishes, who unlocks the phone, and then has access to all your passwords since it was set to 'Never'.

    If you keep your 1pw secret key and master password in this vault, that is all they need to access your account, You only ned to sync if you change your master password. Or, if you have a family subscription, you use one of the members' vaults to store your 1pw details, no need to change their pw and sync regularly.

    Oh well...been a vocal propoent of 1pw for many years, but the "we know best" attitude sure is wearing thin.

  • lwfitzgeraldlwfitzgerald
    Community Member
    edited August 13

    I've also just upgraded to v8 on iOS and was surprised to see the 2 week expiry added with no option to disable this to match the old v7 behaviour.

    To echo what @steven1 said, I really don't appreciate being babied and told that I can't be trusted to remember my master password without being prompted for it every 2 weeks. I also think other posters make a very good point that for those users that might forget their master password, this will just lead to them weakening them ala iOS 4 digit numeric lock codes.

    To give a real world example where this is intensely frustrating - I have a bunch of cards with individual PINs. When I withdraw cash at an ATM, I really don't want to be surprised by having to enter my (long/strong) master password while people wait behind me. Being locked out like this totally breaks the "just quickly open and get the password for something"-utility that I expect of a mobile password manager.

    Solving this really seems as simple as adding an reauth-timeout option (including "never"). I don't really understand the objection to doing this?

  • tetardbleutetardbleu
    Community Member

    @Jack.P_1P

    what would be ideal here is some sort of global sync timer, where entering your account password on your desktop means you won't be prompted on your phone.

    I sincerely think it would be a great bridge between security and usability. Please add my vote for this.

  • joshhugginsjoshhuggins
    Community Member

    Oh man, I am in such hot water with the wife. Just "upgraded" her phone to v8 and noticed that it has to sign in every 2 weeks. She has always just used biometric. The whole point is to have a strong complicated password to protect the account. She is not going to be doing that every 2 weeks, especially if she is out away from home where the main password is stored. You kidding me? If this doesn't get straightened out by the time our renewal comes up we will be done. Man I really don't want to have to move everything over to another service. Uggg 🙄 So frustrating!

  • DJRifulDJRiful
    Community Member
    edited August 25

    This is really annoying every 2 weeks, my iOS already running Face ID or pin.

    My password is like 40 characters long, and I had to re-enter this every 2 weeks on my tiny iPhone 12 mini keyboard. It's painful and stupid - if I need to access my stuff in 1Password at store area. "Sorry give me 5 mins to unlock my account".

    Here goes, I'm going to set my master password down to 8 characters.

  • leesweetleesweet
    Community Member
    edited August 25

    On my desktop I enter the MP several times a day, at least. The (user specific, bad) reason of 'forgetting' really needs the syncing idea implemented so you know (if you care) that we do indeed 'know' the MP. On the phone is the worst place to ever enter the MP, and was when back in the day I hated 1P totally (before larger phones, keyboards, touch-ID, etc.).

    Not going to start on least common denominator user support, etc.

  • NetMageNetMage
    Community Member

    There is always the option of upgrading back to 1Password 7. Between no Watch App, the terrible search experience, the less readable account screen, and this, I am thinking of doing it.

  • OddycmOddycm
    Community Member
    edited August 30

    Looks like the recent update has brought back the “Never” option in 1Password 8!

    Just wanted to post a big thank you to the 1Password team for listening to the user feedbacks 🙂

  • sjdennissjdennis
    Community Member

    Is this New requirement to re-enter your password every two weeks, or change your password every two weeks? I haven’t upgraded to 1Password 8 yet pending clarification on this issue. If one has to change their password every two weeks that would be F’ing ridiculous.

  • Dave_1PDave_1P

    Team Member
    edited September 22

    I want to thank everyone for taking the time to write in with their feedback. As of version 8.9.3 of 1Password for iOS (released August 30th 2022) you can now choose how often you're prompted for your account password.

    If you haven't already you can update using this guide: How to keep 1Password up to date

    @sjdennis

    When 1Password 8 for iOS first launched the app required users to enter their account password every two weeks even if Touch ID / Face ID was enabled. With the latest update to 1Password 8 users can now choose how often they're asked for their account password:

    • Never
    • Every 2 weeks
    • Every 30 days

    I hope that helps! 😊

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file