Is it possible to exclude Windows Hello PIN as an unlock option when using biometrics

omzaz
omzaz
Community Member
edited March 2023 in Windows

Hello,

When you enable the option to unlock 1Password with biometrics (i.e. via Windows Hello biometrics) you seem to also acquire the ability to unlock 1Password with the device (Windows Hello) PIN. This is a bit of a concern as it means someone who has gained access to your Windows computer and observed you entering your device PIN can also unlock 1Password.

This is different to iOS and Android where enabling biometric unlock in 1Password doesn't also lead to the ability to unlock 1Password with the device pin/passcode.

Is it possible to exclude Windows Hello PIN as a 1Password unlock option whilst allowing Windows Hello biometrics?

If its not possible, what is the obstacle preventing it? Is it that the option just hasn't been developed by 1Password or is it that Windows Hello doesn't allow apps to use Windows Hello biometrics independently of Windows Hello PIN?

Thanks

1Password Version: 8.10.0
Extension Version: Not Provided
OS Version: Windows 11
Browser:_ Not Provided

Comments

  • ag_mike_d
    ag_mike_d

    Hello @omzaz,

    Thanks for message and great question about excluding the Windows Hello PIN option.

    The 1Password for Windows desktop app hands the duty of unlocking off to Windows which allows you authenticate through Windows Hello using a PIN or biometrics and is reliant on Windows Security. Removing the PIN through the Windows Sign-in Options in settings, also disables other biometrics previously setup. Microsoft's below support page notes:

    You'll need to set up a PIN as part of setting up fingerprint or facial recognition sign-in, but you can also sign in with just your PIN.

    Learn about Windows Hello and how to set it up - Microsoft Support

    Please let us know if you have any other questions. We'll be happy to help where possible!

  • omzaz
    omzaz
    Community Member
    edited March 2023

    When setting up biometric authentication in iOS and Android, you also have to setup a device pin/password. In this regard Windows is no different to iOS and Android, and the link you have provided confirms the requirement to setup a device pin/password in if you want to setup biometrics in Windows). I think having a device pin/passcode for unlocking the device/operating system as a backup to biometrics is sensible.

    But what I'm referring to is usage of the device authentication methods by the applications running on the device. Your iOS and Android apps handoff unlocking to device to device biometrics but they don't allow the device pin/passcode to unlock the app (even though it is compulsory to have a device pin/passcode if you want to use biometrics). But your Windows app does allow the device pin/passcode to unlock it. Why does this difference in behaviour exist? The link you provided doesn't explain this.

    Thanks

  • ag_mike_d
    ag_mike_d

    Hello again @omzaz,

    Thanks for getting back to me. This is a difference between the OS's.

    As mentioned, for Windows, we hand the duty off to Window Security/Windows Hello and this service offers all available options added to your device under Windows Settings > Accounts > Sign-in options. We have no control over what options are is offered. With the PIN in place (along with any other biometrics), this option will always be presented by the Windows Hello prompt you receive when signing in to 1Password.

    I hope this information helps. We'll be here if you have any other concerns.

This discussion has been closed.