I have and use One Password on both iPhone and iPad. Why do you require use to touch little logo

SteveJay7
SteveJay7
Community Member

Don't understand why, if we enabled Touch ID, as I have on iPad and iphone, we often have to tap the little fingerprint before using it. Why can't we just use Touch ID. This especially happens after a restart or when using 1 Password for first time in a session. This is fixable, please change it.


1Password Version: 6.8
Extension Version: Not Provided
OS Version: 10.3.3
Sync Type: Icloud
Referrer: forum-search:Touch ID

Comments

  • Hi @SteveJay7,

    The reason we do this is political, rather than technical. We could simply prompt for Touch ID all of the time (as long as Touch ID is enabled). We choose to show the "quick unlock" icon when the phone reboots to remind folks that they have a Master Password. Many people don't remember that they even have one, let alone what it is, and that is extremely dangerous. Touch ID is a great convenience, but even when using it your data is encrypted with your Master Password. It can only be decrypted with your Master Password. And so it is of extreme importance that you remember it. This extra step on reboot is there to remind you of that. It is not optional. I'm not aware of any plans to change that at this point, but we do appreciate the feedback, and will take it into consideration.

    Thanks.

    Ben

  • SteveJay7
    SteveJay7
    Community Member

    Ok, then allow those of us who have been using 1Password for years to have this as an optional way to sign in. Please. This is a very annoying additional step that really is not needed for experienced users

  • AGKyle
    AGKyle
    1Password Alumni

    Hi @SteveJay7

    I had helped Ben with the details of this question so I'm jumping in here for this response. I'm also one of the couple of people who maintain how our applications behave from the lock screen. We tend to call it a "Lock Service" and it helps maintain state and control over how we lock and unlock.

    Most users are going to encounter this due to having the "Never" option enabled as part of Require Master Password.

    The "Never" option is a very dangerous option in general unfortunately. Dangerous in the sense that when it works it works well enough that users never get prompted for their Master Password and new users will most definitely find a way to forget their Master Password if they are never forced to type it in. This is an issue we've had to contend with for awhile and we seemingly only made it worse on ourselves and our users by adding the Never option to begin with. My personal opinion is that we should remove the Never option because it can cause some of our new users to lose access to their data and simply not realize it until it's too late. In those cases there is nothing we can do to help those users either.

    The behavior you're seeing here is only one step in what we ultimately would need to do to help prevent this. The other more obvious step is a way to prompt the user to enter their Master Password on a regular basis, even in the unlocked application, as a test to see if they remember it and then if they do not they're aware but still have access. This is something we are working towards.

    I do not believe we will be changing the behavior of this option. It's an extra tap, and I understand it may be frustrating but adding another option to the application, particularly for this issue, is just adding complication that I don't feel is necessary. Your feedback is definitely helpful and maybe if we seen a great deal of complaints about this it's something we would more strongly consider but as far as I am aware you're the only one who has had anything negative to say and spoke up to say it. I'm sure there are others out there that don't like it and they just may not have spoken up. But unless we're seeing large numbers of users that are very unhappy about this behavior I really don't think it's going to change. In general practice, I agree with you about how it should behave, however knowing the reality of the entire situation I know it simply can't be that way.

    We bounce to what we call "Master Password + Quick Unlock" which is the view you're seeing in a number of conditions:

    1. If the "Never" option is enabled for Require Master Password. Odds are this is where you're seeing it, and this presents itself under a reboot of the device
    2. If we encounter a recoverable Touch ID error. For instance if you manage the correct sequence of clicking the home button while trying to unlock with Touch ID, this can result in a Touch ID error and our recovery process for this is to show the Master Password + Quick Unlock option. We'll be having another that is similar to this for biometric lockout happening on the device in a future update as well.
    3. If we for whatever reason need to cancel Touch ID so we can present a dialog. Notably we do this for diagnostics reports when invoked from our URL scheme to be used pre-unlock.

    So it's possible you might run into this behavior aside from rebooting the device, but these are all by design.

    I am sorry if you find them frustrating, but there are reasons for why we do it and in at least one case it's simply not enough on its own and we need to do more so at the very least expect more changes to occur as a result of that. But the core behavior here is unlikely change in the near future.

    Again we hate frustrating our users but this is probably one we're going to take a bigger stand on than not because it's something we have clearly seen causing our users data loss issues, due to forgetting their Master Password.

    I hope that helps shed some light on the issue at the very least. I realize this is probably not the answer you want to hear, but I hope that at the very least by being honest and upfront about it you'll understand our concerns and rationale. We don't expect you to agree necessarily and this isn't meant to convince you, it's just information that we can pass along to you so that you see why we made the decision we made.

This discussion has been closed.