How to require master password more often
I'd like to have the convenience of Touch ID, but would prefer it to last a relatively short time. That is, if I start using 1Password I'd like to require Touch ID each time I return to the app, but after about 15 minutes of not using it the master password would be required next time.
I understand that you can't currently find a reliable way to expire it from the iOS keychain. Are you saying that if it is present, Touch ID will unlock 1Password if the secret is in the iOS keychain and there is no way you can stop that? Can't you check immediately after 1Password is unlocked and, if more than X minutes have expired since the user last interacted with 1Password (or maybe since Touch ID was entered), remove the secret from the keychain or at least require the master password? Obviously, there would be a configuration option to avoid this and it might not be the default.
Will the secret be removed from the keychain when Touch ID is disabled? Or is a restart the only way to ensure the secret is removed immediately?
Alternatively, how about marking selected items as "super secret" so the master password is always required to unlock those, while others are unlocked by Touch ID? Or possibly make these encrypted again with a secondary password so that unlocking with Touch ID doesn't decrypt them. It's more complicated, but it gives extra security for critical passwords while providing easy access to the majority of passwords where the consequences of someone stealing them are relatively small.
Comments
Hi @DJAllen,
Thanks for taking the time to write in with the questions and suggestions.
Will the secret be removed from the keychain when touch id is disabled?
Disabling Touch ID, restarting the device, or selecting Lock Now from 1Password's Settings > Security screen will remove the token from the iOS keychain (forcing entry of the Master Password).
There is a setting available under Settings > Advanced > Security called Require Master Password which you can adjust between never (the default) and 30 days (the smallest non-never value is 1 hr).
I'd be happy to pass your thoughts along to our development team for their consideration. I hope that helps. Should you have any other questions or concerns, please feel free to ask.
Ben