Touch ID not always the default

hmahaffey

I have set up my iPhone 6 to use Touch ID for 1Password. Sometimes (and I'm not clear what triggers this), when I start 1P I am not prompted for my Touch ID, but rather see the traditional "Master Password" lock with a thumb print icon under it. I have to touch the thumb print icon to get it to pop up the "Touch ID for '1Password'" prompt.

I think it may be after some period of time, maybe after "unloading" the app, that it comes up and does this.

If I have Touch ID set, why would it ever come up with the old Master Password prompt unless I had failed with the Touch ID?

Thanks for the great software and excellent support!!

---

1Password Version: 6.4.2
Extension Version: Not Provided
OS Version: iOS 9.3.2
Sync Type: Not Provided

Vee_AG

Hi @hmahaffey,

Thanks for reaching out to us here in the support forum with your question about Touch ID unlock. I'll be happy to help you with this. :)

Can you please check some 1Password settings for me and let me know what you see under each of these:

• Settings > Security
• Settings > Advanced > Security > Require Master Password

You can type out your settings or just post screenshots of each of those screens, whichever you prefer. I suspect that checking those settings may answer your question for you, but otherwise, knowing what they are will help us give you more specific help with this. Thanks!

hmahaffey

As you can see, I have TouchID on and Require Master Password set to Never. I can't quite figure out how to recreate this reliably. But usually when I haven't opened it in awhile, it will look like this (which I consider a confusing screen, as it's not clear that to use TouchID you have to touch the thumbprint, as it won't accept TouchID on this screen):

Anything else I should post to help out? Thanks!!!

:)hal

Ben

Hi @hmahaffey,

Thanks for those screenshots! Nothing looks out of the ordinary there though. When the device reboots or the system times out Touch ID for another reason you'll see that fingerprint icon and need to tap that before Touch ID can be accepted. This is expected behavior, unless I'm misunderstanding the issue?

Thanks!

Ben

hmahaffey

I don't think I should have to tap the thumbprint to bring up TouchID mode. I would think that if "Require master password" were set to "Never", that 1P would ALWAYS ask for my TouchID, and only prompt for the master password if the TouchID login failed. Sometimes when I start 1P it asks for my TouchID. Sometimes it asks for me to choose whether I want TouchID or Master Password. But since MP is set to "Never", I don't think it should ask for this.

"Expected behavior" to me is that 1P would prompt for my TouchID always, and Master Password only when TouchID fails. Can 1P be enhanced to do this? Am I the only one this is happening to?

:)hal

Ben

I don't think I should have to tap the thumbprint to bring up TouchID mode.

I understand. That is the current state of things though. It certainly should be the case every time you launch 1Password, but as I mentioned: any time the device reboots, or if the OS times out Touch ID (i.e. you haven't used it in a number of hours).

I would think that if "Require master password" were set to "Never", that 1P would ALWAYS ask for my TouchID, and only prompt for the master password if the TouchID login failed.

It does; that is true. But you do have to tap the Touch ID icon in order to authenticate with Touch ID when it appears.

Sometimes it asks for me to choose whether I want TouchID or Master Password. But since MP is set to "Never", I don't think it should ask for this.

You always have the option of unlocking your vault with your Master Password. We have no intention of changing that. But it isn't required if Touch ID is active.

Can 1P be enhanced to do this?

Probably not in the short term, no. But I will bring the thought up to our development team so that if changes are made in iOS to enable this we can keep an eye out.

Am I the only one this is happening to?

Not at all. My devices behave the same way. That is how it is currently designed to work.

Thanks!

Ben

hmahaffey

I understand what you're saying, and I thank you for all the explanations. But I'm still unclear on the value of the selection screen that comes up after what you call a 'time-out'.

I start my device and choose TouchID and use TouchID all day. In and out of 1P I go, merrily logging in to things. Yay, 1P! :) Suddenly the OS has decided too much time has passed with no TouchID, to it "times it out". This causes distress for 1P who feels the need to ask me whether I wish to use my Master Password or continue to use TouchID. I don't have to use my Master Password, I can just touch the TouchID icon and continue as before.

Question: what value does this add? It is a non-intuitive (and, frankly, annoying) interruption in the flow of things. (I say non-intuitive because it took me a while to realize that to continue using TouchID that I had to touch the thumbprint.) This doesn't add any additional security. And it's not like the OS is telling 1P that you CAN'T use TouchID, since to use it all I have to do is touch the TouchID thumbprint icon. I don't see what the value of this screen is, nor why an "OS time-out" would force 1P to have to put the screen up in the first place. Control is in the hands of 1P, not the OS, so it's not the OS requiring 1P to make the user choose.

I'll argue that it's not necessary the first time 1P starts up after reboot either.

Simply always ask for my TouchID. If I hit cancel, I can use my Master Password. That selection screen isn't required, and it doesn't add any security, so why bother with it? If the OS times out TouchID, 1P can detect that and just do whatever action is triggered when we press the thumbprint icon.

Or I'm missing something very fundamental, which is always a possibility! :)

khad

@hmahaffey,

I think there is a big misunderstanding. We actually (thought we) fixed what sounds like exactly this bug in 1Password 6.4.1. From the 1Password 6.4.1 release notes:

Fixed an issue that caused 1Password to show the Master Password field and Touch ID icon when it should have prompted directly for Touch ID.

I can say that this used to bug me as well, but it was resolved for me a while ago. It's possible that the bug remains in 6.4.2, and I'm just not seeing it since it was re-resolved(?) in a later beta. (I'm running newer beta builds than the 6.4.2 version available in the App Store.)

So, the fact that you are seeing this does sound like a bug to me. You're not missing anything — fundamental or otherwise. :)

I am optimistic that this should be resolved in the next stable update, but I'm going to get some developers' eyes on this in case there is something that I am missing. ;)

khad

@hmahaffey,

I have a follow up already. @bwoodruff reminded me about this article I wrote:

Use Touch ID to unlock 1Password on your iPhone or iPad

To write the article, I did a whole lot of testing to make sure everything in it was completely accurate. Somehow I had forgotten about this part:

Sometimes, you won’t see the prompt:

• If you’ve canceled the Touch ID prompt
• If you’ve restarted your device

You can still use Touch ID. Tap the Touch ID button under the Master Password field, and the prompt will appear.

For some reason I thought you were seeing that at other times. If it’s just when restarting your device (and obviously if you cancel the Touch ID prompt), that is 100% expected behavior.

That said, I still don’t know why we wouldn’t just show the Touch ID prompt even in that case. I've asked the devs if there is some reason we have to do it this way. I believe there are other apps that don't do it this way, but perhaps there is a specific limitation or requirement that I'm just not aware of.

AGKyle

@hmahaffey

To follow up on what the others have said. The reason why we have chosen to implement things this way is primarily to make sure people understand that yes indeed they do have a Master Password.

I suspect that most people on this forum likely use 1Password across multiple devices, and that most of you also realize you typed your master password in at some point and that you need to remember it. However, newer users and particularly those who are only using iOS may get so used to Touch ID being used that they simply forget that they were ever asked for a master password when setting it up and in this situation could open 1Password one day and be asked for a master password but not know it, or as the case has been a few times insistent that they never entered a master password at all.

So, when we say "Never" we're not saying "Never ever" we're saying "Never, with some limitations"

1. Device reboots will prompt you for the master password, with the option to unlock with Touch ID by tapping the icon. This is unlikely to change. We need people to know they typed their master password in at some point and that they should remember it. I realize that for some of you this is extremely fussy and that it may interrupt your flow, but you're also not on the end of support where we have to tell a customer we cannot recover their data because they forgot their master password, something they insist they never provided us during setup. We're really trying to help prevent that from being more common. Sometimes the needs of the few outweigh the needs of the many :) The thought goes that if we ask them for it once in awhile it's going to jog their memory. Hopefully.
2. There may be bugs here that are extremely hard to come by in testing, unfortunately, we are unlikely to look into fixing them at this time. Why? Well, because we're working on a better, faster, and stronger system for the next major version of 1Password. What handles all the lock related tasks in the current version of 1Password (we call it the Lock Service) is quite old, and while there is technically nothing wrong with being old normally, the problem has been that it was designed for a different time (notably before extensions) and we've had to tack on a lot of additions to it that are actually not easy to implement due to design choices when it was originally written. We're reworking things completely in the next version and as a result will hopefully fix all of the outstanding bugs with our locking system. It's a massive undertaking and I hope we'll see it in beta soon.

So, that's all to say "Yup, we realize it may be weird to see that Touch ID icon and the Master Password prompt, but we're hoping it helps users remember they provided a master password and it should only pop up after device reboots." If it is popping up in other ways, well, hopefully in 1Password 6.5 you'll see this stop happening but given the massive number of rewrites in this area that are happening hunting down bugs in the current app just doesn't translate to the version 6.5 and therefore we can't fix the same bug.

I hope that helps give some insight into things and answers some of your questions. If you have any further questions please don't hesitate to let me know and I'll see what I can do to get you answers.

denisdp

Device reboots will prompt you for the master password, with the option to unlock with Touch ID by tapping the icon. This is unlikely to change. We need people to know they typed their master password in at some point and that they should remember it. I realize that for some of you this is extremely fussy and that it may interrupt your flow, but you're also not on the end of support where we have to tell a customer we cannot recover their data because they forgot their master password, something they insist they never provided us during setup. We're really trying to help prevent that from being more common. Sometimes the needs of the few outweigh the needs of the many :) The thought goes that if we ask them for it once in awhile it's going to jog their memory. Hopefully.

"We are making our customer's life a little bit harder in order to make ours easier with customer support".

In my opinion, improving customer support should never be done at the expense of the flow for the customers who use the app the way it was intended to be used in the first place. If you receive that many requests from users having forgotten their master password, it seems to me that something (else) needs to be fixed, possibly the vault creation process?

Looking forward to seeing this new lock service at work, though.

khad

Looking forward to seeing this new lock service at work, though.

You and me both! :)

Years ago, we actually had an option to store the Master Password for 1Password for Mac in the OS X Keychain. With the number of problems it caused due to folks flat out forgetting they even had a Master Password, it would have been wholly irresponsible to leave the option in the app. An extremely important — yet often overlooked — aspect of security is data availability. It doesn't matter how secure your data is if you can't access it when you need to.

AGKyle

Hi @denisdp

"We are making our customer's life a little bit harder in order to make ours easier with customer support".
In my opinion, improving customer support should never be done at the expense of the flow for the customers who use the app the way it was intended to be used in the first place. If you receive that many requests from users having forgotten their master password, it seems to me that something (else) needs to be fixed, possibly the vault creation process?

The mention of support was merely to indicate that it happens and we hear about it. We aren't trying to make our lives easier, we're trying to make our users lives easier. It just so happens that in this case the users aren't the power users who understand these things. We're trying to protect users from losing their data. It isn't easy for our support team to say "Sorry, we can't recover your data" but that is in fact easy compared to a user having to figure out how to reset passwords and deal with that whole thing. Generally that type of problem means we lost a customer as well, and understandably so, they're upset and feel we did them wrong.

As Khad mentioned, in 1Password 3 for Mac it used to be possible to store your master password in the OS X keychain and never have to enter it. It was possible for users to lose their master password, one they never entered for years in some cases, due to this. Likewise, in 1Password 3 for iOS we had a PIN code and Master Password option. Some items could be protected by a PIN code while others the Master Password. In the same way as above, users would unlock with their PIN and forget their master password if all of their primary items were only protected by the PIN code.

We have a history of giving users what you're asking for, the ability to never enter your master password, and it hurting some users. Admittedly it's a small number of users, but if we can protect these users it's a good thing. We're trying to find ways to provide users like yourself with these options but perhaps with some minor inconvenience while also trying to help users who were previously hurt by it.

We're trying to give users what they ask for while keeping an eye on the possible drawbacks. It's not an easy balance, and maybe this current iteration isn't the right way to do it, but for now, it isn't changing until we find a better solution. We try our best to adjust to user feedback. That said, the amount of negative feedback we've gotten to this change has been pretty minimal. I usually hear about it because I'm the one who made the change. If the worst we have is a handful of users upset but that we're providing some precautions to help users who may otherwise get in a bad position then I think we're doing pretty well, assuming the precautions work, and that's something that's simply going to take us time to learn about.

Looking forward to seeing this new lock service at work, though.

Except for some potential bug fixes, to users like yourself, a vast majority of things won't change :) This change is entirely for us as developers and some of the side effects are going to be some bug fixes (hopefully) that benefit users. Hopefully it'll mean we can iterate on our locking system more after this without fear of introducing new edge case bugs.

I hope that helps explain my previous response a bit more.

hmahaffey

First of all, I want to thank everyone for such prompt and thoughtful replies. I understand that people are often stupid and forget the underlying realities behind their shortcuts. But that still doesn't explain a couple things:

1) If the screen has to exist, please understand that it is a bit confusing. I accidentally found out I could still use my TouchID by touching the fingerprint icon. It's not clear what that screen is asking for. If it wants a master password, why isn't the keyboard activated?

2) Still not sure I understand why my TouchID can't work on this screen. Why not prompt for the master password (with the keyboard active) but still allow me to secretly use my TouchID? I use 1P on my mac and an old iPad (without TouchID), so I'm not likely to forget my password that easily. Besides, it's written on my laptop case. (Just kidding! :)

So no one else has complained about this. In a way this makes me feel special. :) But did you really get that many reports from people who forgot their master password? And, more importantly, have you seen a noticeable drop-off in those reports since implementing this?

Thanks for the help, the great product, and the first-class customer service! You'll always be 5-stars to me...

:)hal

khad

Thanks so much for your kind words, @hmahaffey!

1) If the screen has to exist, please understand that it is a bit confusing. I accidentally found out I could still use my TouchID by touching the fingerprint icon. It's not clear what that screen is asking for. If it wants a master password, why isn't the keyboard activated?

It does seem a bit contradictory. If we want folks to be able to use Touch ID there, why not just pop up the Touch ID prompt automatically? If we want folks to enter their Master Password, why not pop up the keyboard (as you suggest) and even eliminate the option to use Touch ID after a device restart? I think @AGKyle may have to weigh on that. My thinking is that we should pick one or the other, but at the moment it does seem to be a slightly confusing middle ground.

2) Still not sure I understand why my TouchID can't work on this screen. Why not prompt for the master password (with the keyboard active) but still allow me to secretly use my TouchID? I use 1P on my mac and an old iPad (without TouchID), so I'm not likely to forget my password that easily. Besides, it's written on my laptop case. (Just kidding! :)

You joke, but we actually agree with security expert Bruce Schneier: "Write down your password." The key is to keep it somewhere safe, like where you keep your birth certificate and passport. On the laptop case would not be an ideal location. Haha! :)

I think there is still room for improvement, but the current implementation does allow you to use Touch ID. You just need to tap the Touch ID button under the Master Password prompt: one extra tap. However, this is a relatively recent addition. You used to only be able to unlock with the Master Password after a device restart. It has me worried that my answers to your next questions may not be as emphatic if we keep it this way for too long.

But did you really get that many reports from people who forgot their master password? And, more importantly, have you seen a noticeable drop-off in those reports since implementing this?

An emphatic YES and YES. If it was only a few people, we probably would have sucked it up. But it really was too much to bear. We knew we could help (if even in just a small way), so we did. We still get "forgot my Master Password" issues, but we are no longer seeing the ones that could have been prevented due to making it possible to use 1Password without ever typing in the Master Password. Those were especially painful since we knew we could do something about them.

I hope you can appreciate how this seemingly obvious little design decision can have pretty big consequences, so we don't make changes to it lightly.

I think we all want the same thing: security and convenience. We just have to balance security of one kind (ease of unlocking 1Password to make it more likely that you'll use strong, unique passwords in more places) with security of another kind (data availability because you haven't forgotten your Master Password).

AGKyle

Hi @hmahaffey

Khad covered most of it I think but I'll chime in with a few more details:

1) If the screen has to exist, please understand that it is a bit confusing. I accidentally found out I could still use my TouchID by touching the fingerprint icon. It's not clear what that screen is asking for. If it wants a master password, why isn't the keyboard activated?

I'm not entirely sure why the keyboard isn't activated, I think it's partially due to the state change that had to happen but this is something I can look into later. I have bigger fish to fry at the moment but you are right that we might be able to do better here. Priorities, I tell ya, I'm drowning in high priority stuff :)

2) Still not sure I understand why my TouchID can't work on this screen. Why not prompt for the master password (with the keyboard active) but still allow me to secretly use my TouchID? I use 1P on my mac and an old iPad (without TouchID), so I'm not likely to forget my password that easily. Besides, it's written on my laptop case.

So this is partially a limitation in iOS. Basically we can do two things:

1. We can bring up the keyboard and have focus in the master password field
   1b. Technically we can just have the lock screen shown, what we show on that screen is whatever we want, including the above item
2. We can bring up Touch ID.

When you turn on the screen of your iOS device you can immediately use Touch ID even while the keyboard is visible. This is a unique behavior to the lock screen though. When 3rd party apps need to use Touch ID the dialog you see in 1Password, that has to be visible. When that is visible, nothing else can happen.

So we have to make a choice here, we can't do what Apple does, only one or the other. I wish we could secretly ask for Touch ID here, but unfortunately, that isn't an option, only Apple can do that.

Let me or Khad know if you have any other questions or feedback. We're always happy to listen, even if we don't necessarily act on it. I treat feedback and bug reports in a particular way that perhaps isn't well documented but if you think about it it makes sense:

Data loss is a top priority, if it's a bug report or improvement request, we start factoring in how many people are asking for it or reporting it. If it's only a handful of people it's a "maybe someday" type situation. If it's being requested by several people a day and many more during a week, that's probably something we should look into. But, we also have major new features we want to add to 1Password and those are often large tasks that take a great deal of time. It's all a balancing act and we just have to do our best. We may miss sometimes and prioritize the wrong thing but we do what we can based on the information we have available to us.

We do absolutely zero analytics in 1Password. So, we don't know what features use the most or where they're encountering trouble. It's entirely feedback and bug report based. Some apps gather analytics and they have an advantage that they can focus on things they can see people having trouble with due to that. We can't, as our users expect a certain amount of privacy and we've earned a trust from our users to not gather data about them. It makes things a bit more complicated and sometimes the feedback we receive is biased towards one thing or another when it shouldn't be.

I hope that gives some feedback into how some of our decisions have to be made and how sometimes those decisions can be wrong, not because we're bad at what we do but because the data is simply not a complete picture. :)

hmahaffey

Thanks for the update. I appreciate the hard work you guys do (I was a developer for many years), and I certainly understand priorities. I simply thought this was something easy to do.

I see that you need people to use their master passwords occasionally. In fact, Apple does it too, when you power on your device. Why don't you do it exactly that way? "1Password requires your master password after power-on", and pop up the keyboard.

In fact, don't allow TouchID at all on that screen! You say you need to ask for master password else people will forget them, but you still allow TouchID (by touching the fingerprint icon). That seems a little silly to me. :)

You don't need to reply any more, I already feel bad enough about wasting so much of your time as it is. But if you're accepting requests, here's my Biggie: have 1Password interface with APPS to enter passwords! I have a Starbucks app, and a Cava app, and a Chipotle app, and a Panera app, and and and..... Why don't their login screens have 1P icons!!!?? :) :) :)

Now get to work! :-D

:)hal

AGKyle

@hmahaffey

No worries at all! Part of our job as developers is to help users. Whether it be by fixing bugs or answering questions. The benefit to responding here means that our customer support team also learn and have reference points, so it's time well spent.

Technically, what you're asking is possible. If you goto Settings > Advanced > Security > Require Master Password and change that to anything other than "Never" you'll get what you're suggesting. Basically, even after restarts of the device you'll be asked for the master password.

The Never option is a recent addition and is the cause of all of this discussion. Users have been asking for this for a long time and we're happy to give it to them but it just comes with some caveats :) Never ever ever asking for it is a bad idea, as past history has taught us. We want to provide this option but also make sure users do not forget their master passwords as a result. Because technically, with Never turned on, a user could theoretically never be asked for their master password after setting up the app.

As for your request, that is something iOS developers can already implement. But it's up to the other developers to do so. If you want Starbucks, Cava, or Panera to support this, you'll need to ask them and have them implement the above extension. We're always available if they have questions as well.