Why am I ever offered a choice between TouchID and master password?
I haven't quite detected the pattern, but sometimes when I start 1Password on iPhone or iPad, it takes me directly to a screen that includes both a password field and a "use TouchID" button, as shown in the attached screenshot.
This makes sense as a destination to go to after canceling a TouchID verification, but as the default option it seems a bit weird. I ALWAYS want to use TouchID when possible; why would I ever prefer to enter a password if I had a choice? Is this a bug?
1Password Version: 6.4.4 iOS
Extension Version: Not Provided
OS Version: iOS 10
Sync Type: Dropbox
Comments
-
@GSnyder: Great question! This will depend entirely on how you have 1Password configured in Settings > Security and Settings > Advanced > Security. For example, I have it set to require the Master Password after a device reboot. And regardless, 1Password will always require your Master Password if you lock it manually with Settings > Security > Lock Now.
But in your screenshot, you do have a choice! You can enter the Master Password, or tap the "fingerprint" icon to use Touch ID. This is the screen you'll be presented with any time Touch ID is active but you've dismissed it previously. I hope this helps! :)
0 -
@brenty: This is the screen you'll be presented with any time Touch ID is active but you've dismissed it previously.
Aye, there's the rub. I believe I've been seeing this screen without a prior dismissal of the TouchID panel.
I'll see if I can document the circumstances more specifically.
0 -
I believe I've been seeing this screen without a prior dismissal of the TouchID panel.
@GSnyder: Ah. If that's the case there isn't much that 1Password can do I'm afraid. Touch ID is controlled solely by the OS. However, any information you can provide would be greatly appreciated! If we're able to collect data (or, better yet, reproduce the issue), we'll absolutely pass the finding onto Apple. Problems almost always have solutions! :)
0 -
OK, I think I have a better handle on what's going on here and a specific suggestion to make the UI smoother.
The underlying context is that when the operating system's TouchID authentication is invoked, it not only presents a modal dialog, but it also has the effect of freezing the entire UI of the phone. You cannot click the Home button to go back to the springboard. You cannot double-click the Home button to see an overview of recent apps. You cannot use an iPhone force-edge-swipe gesture to switch to an "adjacent" app, nor can you use the iPad equivalent, a four-finger swipe. The only actions you can perform are to authenticate with a finger or to explicitly cancel. This is all OS-level stuff that's out of 1Password's control once TouchID authentication has been initiated, as you (@brenty) noted.
I use force-edge-swipe and four-finger swipe pretty frequently to switch among recent apps. But since 1Password is so useful, it's usually among the most recently used apps. Sometimes it's the app I'm actually trying to get to, but often it's just an app that I want to skip past on the way to something a little deeper in the history. The latter case is the one that causes problems.
1Password's current behavior is to activate TouchID authentication immediately upon entering the foreground, as long as no previous TouchID authentication session has been canceled following the previous unlock of the app. That convention locks up the phone during app switching, since you can't just swipe past 1Password to get to another app.
To get rid of the TouchID dialog, the Cancel option is much quicker than doing actual touch authentication since it doesn't invoke a TouchID delay and doesn't activate 1Password's unlocking animation. Also, your hand is guaranteed not to be on the Home/TouchID button in this situation because you've just been doing a force-edge-swipe or four-finger swipe. So I would imagine that the natural tendency is to use Cancel rather than just authenticating.
OK, that's all context. It's not ideal that 1Password's auto-TouchID impedes app switching in this way, but there's probably nothing you can do about it given Apple's API.
However, here's what I think 1Password is doing wrong: once you cancel a TouchID authentication session, 1Password remembers that choice and won't auto-invoke TouchID authentication until you successfully unlock the app. You may have canceled TouchID days ago and used many other apps since then, but when you "open" 1Password--even from the springboard--you still get the password-or-TouchID choice instead of the TouchID dialog. This feels strange and subjectively inconsistent.
Perhaps 1Password's "user canceled TouchID" flag should be reset whenever 1Password leaves the foreground. That would mean that TouchID authentication would be auto-initiated each and every time the app is activated. If you wanted to use a password instead of TouchID, you would just cancel TouchID authentication and then enter the password.
It has to be possible to use a password instead of TouchID, but only a few edge scenarios require this (phone in the hands of a friend who knows your 1Password master password but is not a frequent enough user to have been set up for TouchID; using the app while wearing phone-friendly gloves). So this isn't really a case that the UI should be optimized for.
I suppose the thought behind the current behavior was that maintaining the "user canceled TouchID" state across app activations would help to facilitate app switching. You might have to dismiss TouchID once, but then you could pass over 1Password smoothly without having to argue with TouchID in the future. However, I personally find that I unlock 1Password frequently enough that the second-swipe-by behavior isn't actually all that helpful. I'd rather have a separate preference that turns auto-invocation of TouchID on or off completely and consistently.
0 -
@GSnyder: This is some really interesting feedback! Thank you! I thought I knew where you were going at first, but you surprised me by taking it in another direction! :chuffed:
Personally, I most frequently encounter a similar Touch ID "blocking" issue when using slideover on my iPad, and, to a lesser extent, "oops" app switches on my iPhone. But I can see how that would be different when using gestures on an iPad. I'm glad you brought that up because it's different from my own use!
Now, where you surprised me was that I thought you were going to suggest that Touch ID only be invoked using the "fingerprint" icon on the 1Password lock screen. That way it would stay out of the way until you needed it. Frankly, this is a tough one, because a good argument can be made either way: offering Touch ID every time for convenience, or "remembering" its dismissal on subsequent launches. I'm not sure that another setting is the right answer is here, but it's something we'll continue to evaluate. Thanks again for bringing this up! :)
0
