"You need to enter your account password before you can use Windows Hello" after boot
1Password is not offering a Windows Hello fingerprint login after boot, giving me the message "You need to enter your account password before you can use Windows Hello." If I'm reading the help information correctly, that indicates 1Password is not using my TPM module to store an encrypted copy of my password. After I boot and enter the 1Password password, it'll take the Hello fingerprint until I reboot. Windows login consistently accepts my fingerprint for login.
Here are the details:
- Windows 10 22H2
- Asus Z170 Deluxe mainboard and Intel i7-6700K CPU (circa 2015)
- Asus TPM-M R2.0 14-1 Pin TPM Module add-on card
- Windows reports TPM specification version 2.0 and sub-version 1.16 (9/21/2016)
- Windows says "The TPM is ready for use"
- Fingerprint reader is Kensington VeriMark USB Fingerprint Key Reader
1Password allow me to check "Unlock using Windows Hello" and "Show Windows Hello prompt automatically." It does NOT allow me to check "Use the Trusted Platform Module with Windows Hello".
Can you tell me how I can get 1Password to always accept a Windows Hello fingerprint login, while only prompting for my password rarely, like every 30 days?
1Password Version: 8.10.13
Extension Version: 2.14.1
OS Version: Windows 10 22H2
Browser: Brave v1.57.57
Comments
-
Hello @pastreit,
Sorry for the delay in response and the troubles you are experiencing with Windows Hello requiring you account password after a restart.
Based on the information provided it sounds like things are set up correctly with your device but you are still running in to troubles due to the inability to enable the TPM option for 1Password.
Since your TPM is enabled and ready for use, but the option is still greyed out, it's likely that Windows Hello was set up on your device before your TPM was enabled. This would cause your Windows Hello keys to not have been moved to hardware storage.
You can try removing all of your Hello options (face, fingerprint, and PIN) at once, and then re-adding them. Doing this should move the key into hardware storage and allow you to enable the option to use the TPM in 1Password.
If the above steps don't immediately help, disable the Unlock using Windows Hello option in your 1Password settings, fully quit and restart the app, and then enable it again, and see if the TPM option is still greyed out.
If you are still having troubles, I'd like to ask you to create a diagnostics report from your Windows PC:
Sending Diagnostics Reports (Windows)
Attach the diagnostics to an email message addressed to
support+forum@1password.com
.With your email please include:
- A link to this thread:
https://1password.community/discussion/142077/you-need-to-enter-your-account-password-before-you-can-use-windows-hello-after-boot
- Your forum username:
pastreit
You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here. Thanks!
ref: FAN-71525-518
0 - A link to this thread:
-
@ag_mike_d, removing all of the Hello options and re-adding them solved the problem. I'm a little surprised by that since I'd previously cleared my TPM in the Windows security processor troubleshooting area. Regardless, once I followed your steps, 1Password allowed me to check "Use the Trusted Platform Module with Windows Hello" and I was able to unlock 1Password using a fingerprint after a Windows boot for the first time. Thank you for your help!
Paul
0 -
Thanks for getting back to me, @pastreit!
That is a bit odd, but I'm glad to hear everything is working with Windows Hello after re-enrolling these options.
If you start encountering this issue again in the future, let us know and we'll continue the conversation via email! Thanks!
0