I'm a former Lastpass user who switched after their recent breach, and learned that they left entire URLs unencrypted. Overall I feel more comfortable with the security of 1Password, such as the required combination of both the secret key and password.
However there is one feature I did like about Lastpass that I would very much like to see with 1Password, which is the option to require Windows Hello authentication on EVERY form fill or viewing/accessing of any site 'entry'. I have a fingerprint sensor tied to Windows Hello which makes it very easy to authenticate when filling a form. With LP it would also require a Hello prompt when clicking into / viewing the details of any given "entry" I guess you'd call it. So instead of a delay that locks the vault after X minutes of idle, it would effectively always be locked, and each 'retrieval' requires separate authentication.
---Additional Thoughts / Context:
Perhaps this is already a non-issue based on how 1Password works, but my imagined scenario is if a virus on the computer is actively targeting password manager apps like 1Password, and just waits until I unlock 1Password (either the initial unlock when logging in, or after an idle period). Then my concern is if it would have the full minute (my idle delay is set to 1 minute) to pull what it wants from the vault, which for a piece of software would take no time at all.
I've read in other posts that 1Password might somehow limit access to one 'entry' at a time, so I'd appreciate some clarification. Even if it's not possible to just pull all of the vault at once, would it be possible for a virus to do it sequentially on every entry as a script while the vault is in an unlocked state?
1Password Version: Not Provided
Extension Version: Not Provided
_OS Version: Windows 11
Welcome to the 1Password Community. Thanks for your feature request about an option to require Windows Hello when filling forms or accessing any account data. This is not currently possible and I can't make any promises, but I'm happy to pass this request along to the Product team for consideration.
In the meantime, I'd suggest unlocking 1Password when you need to fill and then immediately manually lock the app using the keyboard shortcut
Ctrl + Shift + L.
With regard to your comments about malware on your device, if you unlock 1Password, we can't prevent any potential theft or misuse of your data. We rely on the user following the security recommendations of the platform.
If you believe this to ever be the case, we recommend you take appropriate actions to secure your device and rotate your account password and Secret Key. This guide refers to a lost or stolen device, but includes details about how to regenerate your Secret Key. Should you ever need to change your account password, those details are here.
Please let us know if you have any further questions or concerns!