feature request: More options for how frequently password is required when using biometrics
Hi 1Password community!
Biometrics like FaceID, TouchID, and Windows Hello are super helpful, but no replacement for passwords. Near-total reliance on biometrics poses two issues:
1. Infrequently entering the encryption (master) password increases the likelihood that it is forgotten.
2. Anyone with biometric access has full access to unencrypted passwords.
1Password already addresses issue (1) by providing an option to require the encryption password every 2 weeks or 30 days. However, issue (2) is unresolved. Attackers can force a data owner to provide biometrics without consent just by touching a finger to the scanner or holding a phone up to the face, though this is uncommon. More commonly, many people share biometric login on their phone or computer with one or more people for convenience. When only biometrics are required to decrypt, any of these other users could access all the passwords.
The solution to this can be thought of as essentially on-device multi-factor authentication: something you know and something you have. At the very least, this request is for more options for shorter time windows in which biometrics can unlock without a password (e.g. 24, 12, 6 hours).
In the ideal case, this request is also for an option to match the behavior of physical authentication devices (e.g. smart cards/keys) that require a user to have both the card and a pin to authenticate.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
Comments
-
Hello @glxiia,
Thanks for your feedback about adding some additional options to require the account password at shorter intervals such as days and hours. We understand how import security of your data is and I've passed your feedback along to the Product team for consideration.
In the ideal case, this request is also for an option to match the behavior of physical authentication devices (e.g. smart cards/keys) that require a user to have both the card and a pin to authenticate.
Currently, you can can follow this guide to, Use your security key as a second factor for your 1Password account, if you would like to set this up.
If you have any other questions or feedback to share, please let us know and we'd be happy to assist you further!
ref: 32405602
0